Our Blog

AWS Security Incident Response now provides agentic AI-powered investigation

Published
November 21, 2025
https://aws.amazon.com/about-aws/whats-new/2025/11/aws-security-incident-response-agentic-ai-powered-investigation

AWS Security Incident Response Updates

AWS Security Incident Response now offers agentic AI-powered investigation capabilities to expedite preparation, response, and recovery from security events. The investigative agent automatically gathers and correlates evidence from multiple AWS data sources, presenting findings in clear, actionable summaries to minimize business disruption.

When a security event case is created, the investigative agent assesses case details, identifies missing information, and asks clarifying questions to gather necessary details. It collects relevant information from sources like AWS CloudTrail, IAM, Amazon EC2, and AWS Cost Explorer, providing a comprehensive analysis that reduces manual evidence gathering and speeds up investigations. Security teams can track activities and view summaries through the AWS console and preferred integration tools.

This feature is automatically enabled for all Security Incident Response customers at no additional cost in all AWS Regions where the service is available.

What to do

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/10/deepseek-openai-qwen-models-amazon-bedrock-additional-regions

DeepSeek, OpenAI, and Qwen models available in Amazon Bedrock in additional Regions

Amazon Bedrock is bringing DeepSeek-V3
Read more
https://aws.amazon.com/about-aws/whats-new/2025/11/amazon-connect-instance-to-instance-communication/

Amazon Connect now supports enhanced Instance-to-Instance communication

Amazon Connect now routes calls between instances within the same account through the AWS global backbone, without relying on the Public Switched Telephony Network (PSTN) when both numbers are provisioned or ported into Amazon Connect
Read more
https://aws.amazon.com/about-aws/whats-new/2025/10/ec2-image-builder-capabilities-managing-image-pipelines/

EC2 Image Builder now provides enhanced capabilities for managing image pipelines

EC2 Image Builder now automatically disables pipelines after consecutive failures and allows customers to configure custom log groups for image pipelines
Read more
View all