PMsquare


re:Invent 2025 Recap
December 22, 2025


AWS re:Invent 2025 has officially wrapped, and PMsquare was on the ground to capture the energy and the most impactful announcements. This year’s event featured dozens of new features and service enhancements spanning the AWS ecosystem. AI remained central to many of the announcements this year, but one theme stood out: AI isn’t just everywhere, it’s evolving. Unlike previous years, the focus shifted from building standalone AI tools to embedding intelligent agents directly into AWS services. From DevOps to security to migrations, these AI agents are automating routine tasks, freeing teams to innovate rather than comb through logs and spreadsheets. So, what does this mean for businesses? Here are the announcements that matter most.


AWS Security Agent Preview 

One of the most exciting security announcements at re:Invent was the launch of AWS Security Agent, a context-aware security solution that proactively secures applications from design to deployment. Unlike traditional SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools, which lack application context and slow down release cycles, AWS Security Agent continuously validates security requirements, performs automated design and code reviews, and delivers on-demand penetration testing without scheduling delays. By leveraging application context, including design documents, source code, and organizational policies, the agent creates dynamic attack plans to uncover sophisticated vulnerabilities early in development. This helps businesses accelerate secure software delivery, reduce costly security bottlenecks, and maintain compliance without sacrificing speed, enabling faster innovation with lower risk.

    AWS GuardDuty Enhancements 

      AWS also strengthened its threat detection capabilities with enhancements to Amazon GuardDuty Threat Detection, adding new attack sequence findings for EC2 instances and ECS tasks. These updates expand GuardDuty’s ability to detect multistage attacks by correlating signals from virtual machines, containers, and other AWS services into a single, high-confidence finding. Using AI and ML, GuardDuty analyzes runtime activity, network logs, and API events to build a complete picture of an attack path, helping security teams quickly understand scope, prioritize remediation, and reduce investigation time. This enhancement complements existing coverage for IAM, S3, and EKS. For businesses, this means faster detection of coordinated threats across diverse workloads, minimizing operational overhead and reducing the risk of breaches that could disrupt critical applications.

      AWS Security Hub General Availability 

      AWS reinforced its security strategy by launching Security Hub into general availability. This unified platform brings together findings from GuardDuty, Inspector, Macie, and posture management to deliver actionable insights. New capabilities include near real-time risk analytics, 1-year historical trends, customizable dashboards, and exposure-based views that highlight combined risks across resources. By automating correlation and providing context-rich findings, Security Hub reduces manual effort, accelerates detection and response, and helps organizations maintain a stronger security posture at scale. This enables businesses to reduce complexity, improve visibility across their AWS environments, and respond to threats faster without adding headcount. 

      S3 Vectors

      Amazon introduced several new S3 features, but one of the most notable is S3 Vectors, which brings advanced AI capabilities directly into the storage layer. This feature allows developers to store and search vector embeddings in S3 without relying on separate databases or specialized infrastructure. Traditionally, organizations had to convert massive volumes of unstructured data into vectors using costly, complex systems. S3 Vectors eliminates that overhead by handling the process natively, while reducing storage and query costs by up to 90%.

      With vector search integrated into S3, enterprises can simplify their AI stack and accelerate development of applications like semantic search, chatbots, fraud detection, and personalized customer experiences. Teams can move faster because they no longer need to manage or integrate a separate vector database—everything happens within the same storage platform they already trust.

      Amazon S3 Enhancements: Bigger Files, Better Control

      Amazon has introduced critical improvements to S3 that make it even more powerful for organizations managing large-scale data. The most notable upgrade increases the object size limit to 50 TB – ten times the previous cap. This allows organizations to store massive files like high-definition media, scientific datasets, or AI training data as single objects without splitting them up.

      S3’s Expanded Metadata Capabilities are now available in more regions, making it easier for teams to search, manage, and govern their data using metadata tags. This simplifies data discovery and analysis across large repositories.

      Amazon also introduced Attribute-Based Access Control (ABAC), which lets organizations control access dynamically using tags instead of managing complex permissions manually. Access can now be defined by business attributes like department, project, or environment, improving security scalability, especially for global enterprises.

      These enhancements make it easier to manage larger datasets, strengthen data governance, and streamline security. Organizations can work faster with fewer errors and without investing in additional infrastructure, all on a platform they’re already using.

      Managed Infrastructure Tools for Kubernetes

      AWS introduced a collection of new EKS capabilities this year. These changes will fundamentally shift how teams manage common Kubernetes infrastructure tools. Rather than installing and maintaining these tools within your cluster, AWS now runs them on managed infrastructure, handling security patches, scaling, upgrades, and monitoring automatically.

      Three capabilities launch initially:

      • Argo CD for automated GitOps deployments
      • AWS Controllers for Kubernetes (ACK) for managing AWS resources directly from Kubernetes manifests
      • Kube Resource Orchestrator (KRO) for packaging complex configurations into reusable components

      This shift removes significant operational overhead, allowing teams to focus on delivering business value rather than wrestling with infrastructure tooling maintenance.

      The operational savings compound quickly: eliminating the need for dedicated infrastructure tooling expertise frees both budget and engineering capacity for higher-value work.

      AI-Powered Modernization with AWS Transform

      AWS is making a serious bet on AI-powered migration with major expansions to AWS Transform, targeting mainframe, Windows, and custom application modernization. These announcements underscore AWS’s recognition that legacy system migration remains a critical barrier for many enterprises, and that automation can compress timelines that traditionally span years into months.

      Transform for mainframe now includes Reimagine capabilities that break down monolithic COBOL applications into cloud-native architectures. The AI engine extracts business logic from COBOL and JCL, generates data collection scripts, and produces automated test suites. The three-phase approach—reverse engineering, forward engineering, and deploy/test—promises to dramatically accelerate modernization while maintaining functional equivalence with legacy systems.

      Transform for Windows orchestrates full-stack modernization across application code, UI frameworks, and databases using wave-based migration strategies. The system identifies dependencies and coordinates changes intelligently, potentially expediting modernization by five times compared to manual methods.

      Perhaps most notable is Transform Custom, which learns your organization’s specific patterns, including architectural conventions, coding standards, and internal libraries. Armed with this knowledge, it automates transformations across repositories, handling runtime upgrades, framework migrations such as Angular to React, and AWS SDK updates. AWS claims up to 80% reduction in development time for these routine but time-consuming maintenance tasks, freeing engineering teams to focus on innovation rather than maintenance.

      Conclusion

      This year’s re:Invent announcements make AWS’s priorities clear: democratize AI, eliminate data infrastructure friction, and automate away legacy technical debt. S3 Tables reflects a pragmatic shift – object storage shouldn’t require data engineering gymnastics for basic analytics. New capabilities in EKS and Transform tackle the often-overlooked reality that most engineering teams spend too much time maintaining infrastructure and migrating legacy systems instead of building what’s next. The common thread across these launches is pragmatism. AWS is betting that removing operational friction matters more than flashy features, and they’re probably right.

      At PMsquare, we help organizations turn AWS innovations into real business outcomes, whether that means modernizing legacy systems, implementing AI-driven solutions, or optimizing cloud infrastructure for scale and cost efficiency. If you’re ready to explore how these AWS capabilities can accelerate your transformation, our team is here to guide you every step of the way.
