Amazon Web Services (AWS) has announced a groundbreaking enhancement to its Security Incident Response capabilities, introducing agentic AI-powered investigation tools designed to transform how organizations prepare for, respond to, and recover from security incidents. Effective November 21, 2025, this innovative technology aims to expedite the incident response process by delivering clear and actionable insights.
"The new investigative agent automatically gathers evidence across multiple AWS data sources, correlates the data, then presents findings in clear summaries," said an AWS spokesperson. This capability is set to significantly reduce the time organizations require to investigate potential security issues, thereby minimizing business interruptions.

When a security event case is reported through the Security Incident Response console, the AI agent promptly begins its assessment of the case details. This includes identifying any missing elements such as indicators of compromise, resource identifiers, and relevant timeframes. "It asks the case submitter clarifying questions to gather these details," explained the AWS representative. This proactive stance is intended to lessen the typical delays caused by prolonged back-and-forth communication during case resolution.
Once it has collated the necessary information, the investigative agent draws on an array of AWS data sources, including AWS CloudTrail, AWS Identity and Access Management (IAM), Amazon EC2, and AWS Cost Explorer. Because the agent correlates this data automatically, organizations receive a thorough analysis without the need for manual evidence collection, which makes for quicker investigations.

"Security teams can track all investigation activities directly through the AWS console and view summaries in their preferred integration tools," the spokesperson added. This new feature is automatically enabled for all Security Incident Response customers globally, at no extra cost, in all AWS Regions where the service operates.
The integration of AI into AWS's security protocols marks a critical shift towards more efficient solutions in cybersecurity, acknowledging the increasing complexity of security incidents facing organizations today. Companies are encouraged to visit the AWS Security Incident Response overview page and console to learn more about these exciting new capabilities.
As organizations continue to face diverse and evolving security threats, the introduction of AI in incident response is not just a luxury but a necessary evolution. AWS's commitment to supporting its customers with innovative technologies aims not only to enhance security measures but also to streamline operational efficiency in the digital landscape.
