AWS sells autonomy, then builds controls to stop it

AWS autonomy – At AWS Summit on Wednesday, Amazon Web Services rolled out new “agentic AI” capabilities—starting with Amazon Quick’s no-code way to build autonomous agents. But the same day’s announcements also spotlighted release validation, “Zero Debt” cleanup automation,

When Amazon Web Services unveiled its newest “agentic” AI capabilities at AWS Summit on Wednesday, the pitch sounded almost effortless: describe what you want, and the system figures out the rest—reasoning through changing conditions and delivering results before you have to ask again.

The centerpiece was a new wave of updates to Amazon Quick, Amazon’s workplace AI assistant for nondevelopers. Users can create autonomous agents by describing them in plain language and deploy them in seconds with no code. AWS’s examples were specific and operational: an agent can monitor overnight regulatory filings. compare them against company policies. and deliver an impact assessment by morning. AWS says the agent runs continuously in the cloud and grows more effective over time, learning from interactions.

But the Summit’s broader message was harder to miss. Alongside the promise of autonomy, AWS is shipping tools designed to watch those agents, second-guess them, and undo what they’ve done—an uneasy pairing that goes to the core of what “autonomous” means in an enterprise setting.

DevOps speed meets release friction

AWS’s response to agent speed is not to step back from oversight. It is to embed it into the workflow.

The company unveiled a release-management capability for its DevOps Agent that vets AI-generated code for production readiness. AWS frames the change around a bottleneck inside organizations: coding agents can write at extraordinary speed. while human review “still crawls.” AWS also introduced Zero Debt. built on the idea that faster code generation makes technical debt compound faster too—so cleanup has to be continuous and autonomous as well.

On the security side, AWS described a capability that begins every remediation in “learn mode” and only graduates to autonomous enforcement as confidence grows.

That combination—agents that move quickly. plus systems built to verify. remediate. and roll back—became the question of the day. Fast Company pressed Swami Sivasubramanian. AWS’s vice president of agentic AI. asking if agents are ready for production. why so much of the release exists to watch them. validate them. and roll them back—and what “autonomous” really means for AWS.

Sivasubramanian rejected the idea that safeguards equal weakness. He argued that deliberate friction is what makes agents usable at enterprise scale. “Inserting deliberate friction into a process isn’t a sign of good governance or strong safeguards,” he told Fast Company. “You could ask any business today. and they would trade that kind of friction in a heartbeat if they could do it safely and securely. The opportunity with AI is to replace manual friction with policy-driven controls that can operate at the speed and scale modern organizations require.”.

He pointed to code review as a key workflow that may be forced to change. AI coding agents can generate code faster than organizations can review, test, and deploy it, he said—and the mismatch creates the next bottleneck.

In Sivasubramanian’s description, AWS DevOps Agent is designed to collapse multiple stages of software development into one continuous workflow. The agent doesn’t only generate code. It can review code. create a testing environment. identify likely pipeline failures. and attempt fixes before a human has to step in. Instead of requiring an administrator to approve every action. organizations define policies. set escalation thresholds. and monitor activity through audit and observability systems.

Where adoption stalls today

For Liz Miller, vice president and principal analyst at Constellation Research, the friction AWS is addressing is less about a lack of faith in the technology than about how far enterprise adoption has progressed.

“In conversation after conversation with enterprise technology leaders. governance. risk. and accountability are always the leading concerns and constraints to advancing their AI and. more specifically. their agentic agendas. ” Miller said. From that angle. AWS’s announcements are aimed at making agents usable inside enterprises as much as making them more capable.

Miller said organizations won’t bring agents into production if they can’t de-risk them and the models. “No matter how much someone wants to use AI, if the organization can’t de-risk the agents and the models, they won’t be allowed into production,” she said.

She also suggested that infrastructure updates may prove as important as the agents themselves, naming AgentCore Harness as the managed runtime for agents and AgentCore Policies as part of the broader platform.

Miller described a split in the market between two narratives: one in which AI is “miraculous and capable of astounding things. ” and another in which enterprises must work through accountability. governance. cost. and business value. “Yes, these models are incredible,” she added. “But business leaders still have to show how AI makes the business itself more incredible.”.

Autonomy, redefined for long-running work

The word “autonomous” has been used so often that many buyers hear it as marketing wallpaper. AWS’s executives are trying to put different weight behind it.

Sivasubramanian said reasoning and memory have improved enough over the past few months that execution is largely solved. What remains harder is keeping an agent on the right path over time—continuing to make good decisions as conditions change and remaining aligned with business goals.

“For us, autonomy is defined by whether those actions remain trustworthy over the course of a long-running process,” he said.

That is why, in his framing, AWS is starting security in learn mode rather than turning on full enforcement immediately. As customers gain confidence and set guardrails for the decisions the system can make on its own, the agent can take on more autonomous action over time.

In healthcare and other safety-critical domains, he said human control stays in place. “What we’re building is not a binary model where humans disappear,” he said. “It’s a framework that allows organizations to decide where autonomy makes sense and where human oversight continues to add value.”

The governance risk nobody can ignore

There’s a second, sharper edge to the Quick assistant promise: describe an objective and get a working autonomous agent in under a minute. That convenience has a built-in fear—what stops a company from spinning up thousands of agents faster than it can govern them?

Sivasubramanian answered by tying governance to the agent itself rather than to human gates that must be opened. “We want to make it easy for anyone to build agents and use agents in their existing systems in a way that is accurate. trustworthy. and secure. ” he said. “A great agent is one thing that can help you deliver a great outcome for a customer. but it’s only one aspect.”.

He argued the harder challenge is everything around the model: the infrastructure to run securely at scale, the data layer that supplies the right context, and the tools that enable it to take action across systems.

Miller agreed that the speed gap between what AI can do and what enterprises are willing to let it do has narrowed. Still, she warned the biggest failures may come from organizations confusing automation with autonomy. “We won’t see fully autonomous customer-facing roles being taken over by AI,” she told Fast Company. “This isn’t to say the folly of firing your whole customer service or marketing team won’t happen—they will. and they will be headline-making disasters.”.

Not just velocity—cost, value, and risk controls

Even with the enterprise push for faster deployment, the most-cited research suggests speed is not the main obstacle.

Gartner projects that more than 40% of agentic AI projects will be scrapped by the end of 2027. The reasons, cited by Gartner, are escalating costs, murky business value, and inadequate risk controls—none of which is described as a basic infrastructure-speed problem.

So why is AWS still putting velocity at the center of its pitch?. Sivasubramanian said the skepticism resembles doubts that came with earlier platform shifts such as cloud computing. He pointed to customer examples. arguing that mainframe modernization projects that historically stretched three or four years are now being completed in less than six months on some applications.

He offered a different bottleneck than raw intelligence. “One of the biggest lessons we’ve learned is that intelligence is no longer the primary bottleneck. Context is,” he said. “You can have a highly capable model. but if it doesn’t understand your systems. your policies. your data. your workflows. and the realities of your business. it’s limited in what it can accomplish.”.

Still, AWS’s autonomous claims were not backed in the Summit coverage by error rates, accuracy benchmarks, or time-in-production metrics.

Accountability doesn’t vanish with autonomy

Every agentic AI announcement runs into the same unresolved question: who is accountable when something goes wrong?

Even as software takes on more execution, companies still own the outcomes. A security agent can trigger an outage. A business agent can make the wrong call. An AI-generated release can still break production.

Sivasubramanian acknowledged the industry is still working out what the reality means. “With the pace technology is going today. it would be hard for anyone to look five years out and tell you with any certainty what should or should not be automated. ” he said. “We don’t deploy patches instantaneously everywhere. If the agent encounters conditions that the developer set in advance, it will bring the developer in for review.”.

He was also blunt about what autonomy can’t offload. “Humans approve fewer individual actions while remaining responsible for the system-level decisions that determine outcomes,” he said. “The approval surface shrinks to a few big priorities. The accountability doesn’t.”

That framing lands differently after the day’s announcements: if autonomy is truly ready, guardrails function like a courtesy. If it isn’t, they become the product. Either way. AWS is staking its claim on the future in a very practical way—autonomous agents are coming. but the enterprises adopting them may soon have to route everything through the controls built to keep the promise from breaking.

AWS Amazon Quick agentic AI autonomous agents DevOps Agent DevOps release management Zero Debt technical debt security learn mode AgentCore Harness AgentCore Policies enterprise AI governance accountability risk controls Gartner mainframe modernization