Would you pay AWS to have them attack your website?

Well, soon you will be able to with AWS Security Agent.

AWS Security Agent does a few things, such as code reviews, which I would be curious about what models they are using under the hood for, and how they fine-tuned it, but that information isn’t public yet, to my knowledge.

The feature I find most interesting is its on-demand penetration testing. It makes you wonder how wild things can get if you give an LLM access to Kali Linux and tell it to go nuts.

I’m sure AWS’s implementation is a bit more nuanced, but I am still curious how off the rails it can get when simulating an XSS or SQL injection attack.

It takes some of the fun out of pen testing, honestly. I rather enjoy finding crazy ways to blast through my client’s security during a security audit; Feeding in inputs they never expected, jacking sessions, and much more.

With that said, I can’t wait to get my hands dirty with AWS Security Agent to see how it works. Let me know if you want to see a deeper dive or a video on it.

If you aren't ready to delegate 100% of your infosec to an agent yet, you should check out my On-Demand Video Course on O'Reilly Zero to Hero on AWS Security: An Animated Guide to Security in the Cloud.