
AWS launches Continuum for code vulnerabilities

AWS announces AWS Continuum for code vulnerabilities, now available in gated preview. The platform addresses the entire vulnerability lifecycle, from discovery to remediation, using multiple frontier AI models. Security teams start in “learn mode” and can scale up step by step to automated enforcement.

The traditional security model—collecting telemetry, storing data, and reviewing dashboards—falls short, according to AWS. Frontier AI models can now identify software vulnerabilities and analyze attack paths at machine speed, leading to an exponentially growing backlog. AWS Continuum for code vulnerabilities, available today in a gated preview, aims to change that.

The platform addresses the entire vulnerability lifecycle, from detection to remediation, and utilizes multiple frontier models, deploying each model where it performs best.

Four Phases: From Discovery to Remediation

AWS Continuum operates in four continuous phases. The first is discovery: the platform imports existing backlogs and performs its own environment scan. The second is prioritization: each item found is assessed for context. The key questions are: Is the component active and accessible, and what is the business impact if exploited? The result is a well-founded priority list.

This is followed by validation. Continuum builds working exploit examples in a sandbox, providing concrete, reproducible evidence. In the fourth phase, mitigation and remediation, the system assesses existing defense mechanisms and proposes changes to network configurations, policies, or code patches. That recommendation is validated using the same system that previously confirmed the vulnerability.

Building Trust in Stages

Continuum starts in “learn mode,” with a human remaining involved throughout the process. Each recommendation includes the reasoning behind the decision. As organizations build trust, they can transition to “enforce mode,” where remediation becomes increasingly automated based on self-defined categories and risk profiles.

In addition to code vulnerabilities, Continuum also includes penetration testing, code scanning, and a new threat modeling feature currently in preview. The latter automatically generates threat models from design documents or source code and delivers results in STRIDE format. AWS is currently collaborating with customers in the financial services, automotive, and technology sectors to further shape the platform.
