Ep106: Building Secure and Agile AI Agents at Scale with Anthropic and AWS

Security leaders from Anthropic and AWS discuss how agentic AI is transforming cybersecurity functions to autonomously handle everything from code reviews to SOC operations.

Topics Include:

• Agentic AI differs from traditional AI through autonomy and agency
• Traditional AI handles single workflow nodes, agents collapse multiple steps
• Higher model intelligence enables understanding of broader business contexts
• Agents make intelligent decisions across complex multi-step workflows processes
• Enterprise security operations are seeing workflow consolidation through GenAI
• Organizations embedding GenAI directly into customer-facing production applications
• Software-as-a-service transitioning to service-as-software through AI agents
• Securing AI requires guardrails to prevent hallucinations in applications
• New vulnerabilities appear at interaction points between system components
• Attackers target RAG systems and identity/authorization layers instead
• LLMs hallucinate non-existent packages, attackers create malicious honeypots
• Governance frameworks must be machine-readable for autonomous agent reasoning
• Amazon investing in automated reasoning to prove software correctness
• Anthropic uses Claude to write over 50% of code
• Automated code review systems integrated into CI/CD pipelines
• Security design reviews use MITRE ATT&CK framework automation
• Low-risk assessments enable developers to self-approve security reviews
• 40% reduction in application security team review workload
• Anthropic eliminated SOC, replaced entirely with Claude-based automation
• IT support roles transitioning to engineering as automation replaces frontline
• Compliance questionnaires fully automated using agentic AI workflows
• ISO 42001 framework manages AI deployment risks alongside security
• Executive risk councils evaluate AI risks using traditional enterprise processes
• AWS embeds GenAI into testing, detection, and user experience
• Finding summarization helps L1 analysts understand complex AWS environments
• Amazon encourages teams to "live in the future" with AI
• Interview candidates expected to demonstrate Claude usage during interviews
• Security remains biggest barrier to enterprise AI adoption beyond POCs
• Virtual employees predicted to arrive within next 12 months
• Model Context Protocol (MCP) creates new supply chain security risks

Participants:

• Jason Clinton – Chief Information Security Officer, Anthropic
• Gee Rittenhouse – Vice President, Security Services, AWS
• Hart Rossman – Vice President, Global Services Security, AWS
• Brian Shadpour – GM of Security and B2B Software Sales, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/