AWS Security Digest · Week 10 of 2026 · Mar 3-9, 2026 · 4 items

    AgentCore Picks Up Cedar Policies

    Bedrock AgentCore Policy hits GA, mixing LLM authorship with Cedar policy-as-code, the first AWS service to do that at scale. IAM gets a simplified role-creation flow with inline panels. AWS adds DESC 2026 certification for the UAE.

    In this issue: 1 high, 1 medium, 2 info

    Highlights

    4 items
    $ tail -f /var/log/aws-security.log
    high / Feature Launch

    Amazon Bedrock AgentCore Policy GA - Cedar-Based Agent Controls

    Centralized, fine-grained controls for agent-to-tool interactions are now generally available. Policies are authored in natural language and converted to Cedar (the open-source authorization language by AWS). Operates outside agent code, enabling security teams to constrain AI agent behavior without modifying application logic. Available in 13 AWS Regions.

    Bedrock, Cedar
    info / Service Update

    AWS Simplifies IAM Role Creation in Service Workflows

    New inline panel for creating and customizing IAM roles directly within service workflows (EC2, Lambda, EKS, ECS, Glue, CloudFormation, etc.) without switching to the IAM console. Reduces context-switching and helps developers create roles with appropriate permissions from within their service context.

    IAM
    info / Compliance

    AWS Completes DESC 2026 Certification Audit (UAE)

    AWS renewed Tier 1 CSP certification from Dubai Electronic Security Centre for the Middle East (UAE) Region. Valid to January 22, 2027. Now covers 108 services (10% increase from previous year). Validated by BSI.

    Compliance
    medium / Threat Intel

    February AWS Permissions Recap: GenAI Supply Chain Risk

    Security Boulevard analysis showed February's AWS permission expansion pivoted from core infrastructure to GenAI supply chain, with new fine-tuning capabilities in the Bedrock ecosystem shifting risk from data access to model behavior influence. Worth reviewing if you manage IAM policies for ML teams.

    IAM, Bedrock

    Key Takeaway

    1 item
    $ cat WEEKLY_SUMMARY.md

    Bedrock AgentCore Policy is a significant security primitive for the AI agent era. Instead of trusting agents to behave, you define constraints in Cedar that operate outside the agent's code. This is defense in depth applied to AI - the agent cannot circumvent policies it does not control.

    Filed Under
    Bedrock, AgentCore, Cedar, IAM, DESC, Compliance, GenAI
