Caylent Launches Caylent Accelerate™ for Agentic Cloud Operations

AWS Summit New York 2026: New Launches and Capabilities

AWS Announcements
Generative AI & LLMOps

Explore all of the launches and capabilities announced at the 2026 AWS Summit in New York City, including Amazon Bedrock Managed Knowledge Base, AgentCore harness, AWS Context, and AWS Continuum.

AWS is expanding the managed capabilities around agentic systems and the enterprise workflows those systems touch. The keynote at the AWS Summit in New York on June 17, 2026, delivered by Swami Sivasubramanian, AWS VP of Agentic AI, was built around two announcements: AWS Context, a knowledge graph service for AI agents, and AWS Continuum, an AI-native security service. AWS's official roundup of that week covers multiple other announcements, including a fully managed knowledge base for Amazon Bedrock, a managed web search tool for agents, AgentCore harness, Amazon S3 annotations, and an AWS WAF capability that charges AI bots for content access.

This article will briefly touch on each of those announcements, both the new services and the new capabilities. We will dive into what these new capabilities mean for businesses that are building their own AI agents and those that are relying on managed services and agents for their operations.

Amazon Bedrock AgentCore Now Covers Knowledge, Web Search, and Orchestration

The most immediately usable launches of the week come from Amazon Bedrock AgentCore, and they share a pattern: work that agent teams currently do by hand, such as building ingestion pipelines, tuning retrieval, integrating a search vendor, coding orchestration loops, now moves inside the managed service boundary.

Amazon Bedrock Managed Knowledge Base

Amazon Bedrock Managed Knowledge Base, generally available at launch, collapses the components of an enterprise RAG pipeline (storage, embeddings, re-ranking, retrieval orchestration, and model selection) into a single managed primitive. It comes with six native connectors, Amazon S3, SharePoint, Confluence, Google Drive, OneDrive, and a web crawler, that ingests both content and source permissions.

The main differences from configuring the existing Amazon Bedrock Knowledge Bases yourself are:

  1. Smart Parsing automatically selects a parsing strategy per data type and connector, which is the tuning work that typically consumes the first weeks of an enterprise RAG build.
  2. The Agentic Retriever handles the queries that a single retrieval pass gets wrong by decomposing a complex question into a step-by-step plan, running multi-hop retrieval within or across knowledge bases, and evaluating intermediate results before answering. This follows the shape of the questions enterprise users actually ask, which routinely span a budget figure and the expense policy that governs it.

Managed Knowledge Base uses the same APIs as existing Bedrock Knowledge Bases, Retrieve, StartIngest, and the rest, so you can test it by pointing your code at a new knowledge base ID. It is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney, Tokyo), Europe (Dublin, Frankfurt, London), and AWS GovCloud (US-West).

Pricing is on-demand along two dimensions: indexed data stored and retrievals performed. By default, the service selects and manages the embedding, re-ranking, and generation models on your behalf. Every choice can be overridden, and teams that have carefully tuned retrieval should treat the managed defaults as a starting point to validate against their own evaluation set.

Web Search on AgentCore

Web Search on AgentCore, also generally available, replaces external search APIs, which usually come with their own onboarding, billing, and data-flow reviews. Web Search is exposed as a connector target on AgentCore Gateway over MCP. The agent sends a natural-language query and receives relevant snippets, source URLs, titles, and publication dates to ground its response. It runs on the search infrastructure that Amazon uses for Alexa+, Amazon Quick, and Kiro, combining a web index with Amazon's knowledge graph to provide verified entity data.

A key benefit is that prompts and retrieval queries remain within the customer's AWS environment rather than being sent to an external provider. This is critical for customers dealing with strict data residency and compliance requirements because it removes the vendor onboarding, billing relationship, and data-flow exception.

AgentCore Harness

AgentCore harness was also launched in general availability. With it, you can declare the agent's model, tools, skills, and instructions in configuration, and AgentCore will assemble the orchestration loop, tool execution, memory management, context handling, and error recovery. At the same time, the Strands Agents toolkit added context management in its Harness SDK, an isolated execution environment called Strands Shell, and chaos testing and red teaming in Strands Evals. This makes it easier to set up, test, and run agents using Strands SDK, an excellent agentic framework that AWS developed and open-sourced.

These three AgentCore launches don't necessarily introduce new capabilities for how we build or deploy AI agents. Instead, they greatly simplify the engineering efforts and costs associated with building agents. Moreover, they significantly shorten the time it takes to create a PoC you can put in users' hands, enabling much faster and cheaper experimentation.

For a more in-depth analysis of Agentcore harness, read our blog here

Amazon S3 Annotations and AWS WAF AI Traffic Monetization

Two launches outside the agent platform change infrastructure assumptions that predate the current AI cycle: how much description an S3 object can carry and what a website can do with bot traffic besides block it.

Amazon S3 Annotations

Before Amazon S3 annotations, describing an object beyond its system metadata meant ten immutable tags or two kilobytes of user-defined headers. That was usually enough for lifecycle rules and access control, but not for anything richer. Annotations let you set up to 1,000 named annotations per object, each up to 1 MB, for a total of 1 GB of context per object, in JSON, XML, YAML, or plain text. Annotations are mutable without rewriting the object, are maintained through copy, replication, and cross-Region transfer, and are removed when the object is deleted. With S3 Metadata enabled, they flow into managed tables you can query with Amazon Athena.

The architectural consequence is that a whole category of sidecar metadata systems, such as DynamoDB tables or search indexes that exist only to describe what lives in a bucket, now becomes optional. This benefits AI agents and traditional systems that need to discover and act on data, removing the need for a separate lookup system. For example, transcripts and moderation results can now be attached directly to media assets, AI-generated summaries can be attached to research documents, regulatory status can be attached to clinical data, and all metadata is readable without retrieving objects from Glacier storage classes.

Whether annotations actually retire your metadata database is a question of economics and performance at scale. Annotations are priced at $0.023 per GB-month for storage, $0.005 per 1,000 requests for PUT, COPY, POST, LIST, and $0.0004 per 1,000 requests for GET, SELECT. They can be queried via Amazon S3 Metadata, which stores S3 objects’ metadata in fully managed Apache Iceberg tables that you can query. The key question for customers running separate metadata databases is whether Amazon S3 Metadata can support the lookup patterns they need, and what the cost is. If your only reason to spin up a separate metadata database was because there was no other way to do it, Annotations is a very good candidate to replace it. If you put significant effort into optimizing the metadata database, Annotations will be much less likely to fill that role.

AI Traffic Monetization in AWS WAF

AI bot traffic exceeds half of total traffic for many content providers, and AI crawlers are growing over 300% year over year, while returning little of the referral traffic that made search crawlers a fair trade. The asymmetry those numbers describe is one publishers already feel on their bills. AI traffic monetization in AWS WAF gives content owners a new option for AI bot traffic beyond allowing or blocking it: charging for it.

You can set per-request pricing by content path, bot category, or verification tier, and WAF meters and grants scoped access at the edge with no changes to origin infrastructure or application code. Settlement runs through Coinbase's x402 Facilitator, collecting payments in stablecoins to a wallet you designate, with Stripe direct payments and Machine Payments Protocol support coming soon.

This release is the other side of the transaction to AgentCore payments, which gives agents a way to discover paid resources and pay for them. Agents need a way to pay, and providers need a way to get paid. With AgentCore payments and this new WAF capability, AWS now allows you to operate both sides of machine-to-machine content commerce. This enables net-new capabilities for enterprises on either side of that transaction and is in line with the transformation of the internet that AI is driving.

AWS DevOps Agent and AWS Transform Target the Backlog AI-Generated Code Creates

Two previews announced at the keynote aimed at the problem of AI coding tools pushing the volume of code changes past what review, testing, and maintenance processes can absorb. This means the value that coding agents produce often sits in review queues instead of reaching users. AWS's answer is to point agents at the downstream work.

AWS DevOps Agent

AWS DevOps Agent is already generally available for post-deployment operations, such as investigating incidents, producing root-cause analyses, and recommending mitigations. The preview extends it upstream of the merge with two capabilities:

  1. Release readiness review evaluates every code change against standards you write in natural language (applying general best practices when you provide none), checks cross-repository dependency risks and access-control changes against Well-Architected guidance, and runs the software in an AWS-managed isolated environment for basic build-and-function checks, posting findings to the console and as pull request comments on GitHub or GitLab.
  2. Autonomous release testing goes further. Instead of executing a static suite, the agent reasons about what a specific change does and generates change-specific test plans for web and API applications, runs them in production-like environments you provision, and produces metrics, logs, traces, and an execution summary for reviewers.

AWS Transform Continuous Modernization

AWS Transform continuous modernization applies the same logic to code that has already shipped. Transform has been a run-based service: point it at a Java upgrade, a mainframe migration, or a Lambda runtime update, and it executes the engagement. Continuous modernization turns it into an always-on capability that scans repositories against configurable baselines, such as end-of-life dependencies and deprecated frameworks, as well as policies you define, such as approved libraries or internal coding standards. It generates findings within hours and automatically opens remediation pull requests for common patterns such as Java version upgrades, SDK migrations, and library updates.

With AI doing most of the code writing, the software development bottleneck is now everything downstream of code generation. These launches aim to address that bottleneck by automating some downstream work while keeping their autonomy bounded by the customer's definition. The DevOps Agent reviews against standards you write, and Transform remediates against baselines you configure. The pull requests both produce will still flow through your merge process.

Even with the new bottleneck, innovation continues in how we write code with AI. Kiro's new iOS app, in gated preview, lets developers start, steer, review, and approve long-running agent sessions from a phone, with no laptop running.

AWS Continuum: Autonomous Security from a Managed Agent

AWS Continuum for code vulnerabilities, available in gated preview, runs the lifecycle of a code vulnerability as one continuous, largely automated loop rather than a pipeline of dashboards and tickets. How much of that automation you actually experience is set by a trust model you control, which is where any evaluation should start.

The loop has four phases:

  1. Discovery ingests your existing findings backlog and adds Continuum's own environment scan.
  2. Prioritization evaluates each finding in context, considering whether the affected component is deployed, reachable, and in a production path, and what the business impact of exploitation would be, and produces an evidence-backed priority list.
  3. Validation constructs working exploit examples in a sandboxed environment, which turns "is this exploitable" from an analyst judgment into reproducible evidence and filters false positives before they consume the team's time.
  4. Remediation recommends a fix, be that a network change, a policy change, or a code patch, which is validated by the same system that confirmed the vulnerability, with blast-radius visibility and rollback paths where feasible.

The service is model-agnostic, routing work across multiple frontier models. It works alongside Amazon GuardDuty and AWS Security Hub rather than replacing them.

Continuum starts in learn mode, with a human-in-the-loop, and every recommendation carries its reasoning. Customers graduate it toward enforce mode, increasingly automated remediation, by categories and risk profiles they define, one class of change at a time. It is the same mechanism as the DevOps Agent's written standards and Transform's configured baselines: the customer sets the boundary within which autonomy operates.

AWS Security Agent's penetration testing and code scanning are now part of AWS Continuum, with AWS Continuum pen testing and code scanning available in preview. They're joined by a threat modeling preview that generates STRIDE-format threat models from design documents or source code. Code scanning reaches developers through pull request scanning across major Git platforms and IDE integrations via Kiro and a Claude Code plugin. Integrations to ingest detection signals from providers, including Check Point, Zscaler, Netskope, Rubrik, and SentinelOne are coming soon.

Frontier models are becoming ever more capable, with Mythos and the recently redeployed Fable 5 proving capable of finding vulnerabilities and reasoning through attack paths at machine speed. This grows the backlog of findings faster than human teams can clear, creating another instance of the bottleneck moving to a different place in the software development or software security process. Continuum is AWS's answer to that shift.

AWS Continuum is available only in gated preview, with access limited to a few partners at this point. Pricing and regional availability are unpublished, and the scope of the service is code vulnerabilities first (both first- and third-party), with expansion to other domains planned but not scheduled.

AWS Context

AWS Context automatically maps relationships across an organization's existing data into a knowledge graph and provides agents with governed, agentic search over it at runtime. Your team curates the graph through a console, reviewing relationships inferred by the service, promoting them to production, and attaching business definitions and usage rules.

Each query is designed to inherit the calling user's AWS IAM and Lake Formation permissions, so an agent can only traverse what its caller is authorized to see, and every access is auditable through controls you already operate. Moreover, key elements of the context layer are published to Amazon S3 in Apache Iceberg, consumable with Iceberg-compatible tools you already run.

Context is not yet available, with timeline and pricing yet to be announced. For a more detailed analysis, read our AWS Context blog

Summary of Announcements from AWS Summit New York

The following table includes the week's announcements, with a brief description of what they change, their status (as of early July 2026), and what you can do today. 

Launch
What it is
What it replaces or changes
Status (early July 2026)
What you can do now

Amazon Bedrock Managed Knowledge Base

Managed end-to-end RAG: connectors, parsing, agentic retrieval

Custom ingestion pipelines; self-configured Bedrock KBs

GA (7 Regions + GovCloud US-West)

Evaluate against in-flight RAG builds; same APIs lower trial cost

Web Search on AgentCore

Managed web grounding tool over MCP

External search API vendors

GA

Add to agents; validate the data-boundary claim against your compliance model

AgentCore harness

Agent declared in configuration; orchestration managed

Hand-coded orchestration loops

GA

Prototype an agent without needing to write loop code

Amazon S3 annotations

Up to 1 GB of mutable, queryable context per object

10 tags / 2 KB headers; sidecar metadata stores

Launched

Map which metadata sidecars it could retire, based on your lookup patterns. Confirm Region availability and price it at your object counts

AWS WAF AI traffic monetization

Price, meter, and charge AI bots at the edge

Block-or-allow bot policies

Available (CloudFront + Bot Control required)

Model revenue vs. serving costs; raise stablecoin settlement with finance, or wait for Stripe support

AWS DevOps Agent release management

Readiness review plus change-specific autonomous testing

Manual review capacity; static test suites

Preview

Draft the natural-language standards you'd encode; trial on one repo

AWS Transform continuous modernization

Always-on tech-debt scanning and remediation PRs

Run-based modernization projects

Preview

Define baselines; decide who owns the PR stream

AWS Continuum for code vulnerabilities

Discover → prioritize → validate → remediate loop with staged autonomy

Dashboard-and-ticket triage; standalone Security Agent

Gated preview (threat modeling: preview)

Request access; don't make commitments based on it

AWS Context

Organizational knowledge graph with identity-scoped agent search

Per-team retrieval rebuilt over the same enterprise data

Prepare S3/Glue data and Lake Formation permissions; don't make commitments based on it

Request access; don't make commitments based on it

Kiro for iOS

Start, steer, and approve agent sessions from a phone

Laptop-bound agent supervision

Gated preview

Request access if Kiro is in use

Strands Agents updates

Harness SDK context management, Strands Shell, Evals red teaming

-

Available (open source)

Update if you run Strands

Conclusion

We can identify three patterns across the launches:

  1. Agent knowledge is becoming managed layers. Organizational knowledge, world knowledge, and paid content can now be accessed via managed services instead of custom code.
  2. The constraints in knowledge-based activities, such as creating software and securing it are shifting. Services like AWS Continuum and the new features of DevOps Agent and AWS Transform are focused on the new constraints.
  3. Agents’ autonomy must be bound by rules the customer writes. The customer should provide standards, baselines, risk categories, and a hand-off dial. Infrastructure providers and agent providers must ensure those boundaries are enforced.

Context and Continuum got the most attention at the keynote. Bedrock Managed Knowledge Base, web search, AgentCore harness, Amazon S3 Annotations, and AI traffic monetization in WAF are what you can try today. Both are useful signals: one on the direction AWS is going, the other on the steps you can take today to get there.

How Caylent Can Help

The pace of innovation in AI and cloud infrastructure isn't slowing down, and turning these new capabilities into measurable business outcomes requires the right strategy and execution. Whether you're evaluating services like AWS Context, AgentCore, Amazon Bedrock Managed Knowledge Base, or AWS Continuum, Caylent can help you identify the highest-impact opportunities, accelerate implementation, and build secure, scalable AI solutions tailored to your business. From proof of concept to production, our AWS experts help organizations move faster, reduce complexity, and turn the latest AWS innovations into lasting competitive advantage. Reach out to us today to get started. 

AWS Announcements
Generative AI & LLMOps
Guille Ojeda

Guille Ojeda

Guille Ojeda is a Principal Innovation Architect at Caylent, a speaker, author, and content creator. He has published 2 books, over 200 blog articles, and writes a free newsletter called Simple AWS with more than 45,000 subscribers. He's spoken at multiple AWS Summits and other events, and was recognized as AWS Builder of the Year in 2025.

View Guille's articles

Learn more about the services mentioned

Caylent Catalysts™

Generative AI Strategy

Accelerate your generative AI initiatives with ideation sessions for use case prioritization, foundation model selection, and an assessment of your data landscape and organizational readiness.

Caylent Services

Cloud Operations & Managed Services

Reliably Operate and Optimize Your AWS Environment

Accelerate your cloud native journey

Leveraging our deep experience and patterns

Get in touch

Related Blog Posts

Claude Fable 5: Anthropic's First Public Mythos-Class Model

Explore Claude Fable 5, Anthropic's most capable generally available model, and learn how its advanced reasoning capabilities, safeguards, pricing, and deployment considerations impact real-world enterprise AI adoption.

Generative AI & LLMOps

The Agentic SDLC Journey’s North Star

Explore agentic SDLC as the shift in software development where teams balance AI and human ownership of context and decisions while adapting people, processes, and technology to work effectively with AI agents.

Generative AI & LLMOps

AWS Context: AWS's Automated Knowledge Graph for AI Agents

Explore how AWS Context creates a governed knowledge graph that gives AI agents the enterprise context needed to reason over data, enabling more accurate, secure, and scalable AI applications.

Generative AI & LLMOps