AWS re:Inforce 2025: Cloud gets a new shield

The latest wave of cloud threats has outpaced old security models, if a series of new security upgrades from cloud leader Amazon Web Services (AWS) is anything to go by. At its annual security conference, AWS re:Inforce 2025, held in Philadelphia this week, the company launched three major upgrades designed to help customers respond faster to complex cyberattacks while keeping cloud infrastructure simple and manageable.

The announcements reflect both a continuation and a pivot in strategy to address growing threats from AI-enabled cybercriminals: building tools that are proactive, integrated, and deeply AI-aware.

AWS Security Hub: command centre for risk

The first new service, AWS Security Hub, brings together data from across the cloud ecosystem into one view, helping security teams identify, prioritise, and respond to active threats.

Rather than trawling through dozens of dashboards, administrators can now track critical issues in a single interface. It flags the most urgent risks, like unpatched vulnerabilities or open access configurations, and links them to remediation steps. Security Hub is designed to connect different types of security alerts, providing unified context to speed up triage and response.

Security Hub is now available in preview to AWS customers.

AWS Shield: proactive protection

The second tool extends AWS Shield’s role from reactive to proactive. Previously focused on defending against DDoS attacks, AWS Shield now maps a customer’s infrastructure to identify misconfigurations that could leave it open to exploitation.

This includes risks like SQL injection flaws or poorly configured access controls. Customers receive visual dashboards showing threat severity and AI-driven recommendations for mitigation. Shield is also integrated with Amazon Q, AWS’s generative AI assistant, allowing teams to ask questions about their security setup in plain language.

The new feature set means teams can fix weaknesses before they are discovered by attackers—especially those using AI to sweep for such gaps at scale.

Amazon GuardDuty XTD: defending containers

The third key service upgrade is to Amazon GuardDuty, AWS’s threat detection system. The new release, called GuardDuty Extended Threat Detection (XTD), expands its protection to container-based applications, which are increasingly central to cloud-native workloads.

GuardDuty XTD now monitors Kubernetes environments, using signals from EKS audit logs, container runtime, and AWS infrastructure to identify multi-stage attacks. This includes coordinated breaches where initial access, lateral movement, and exfiltration are staged over time.

For security teams, it reduces time spent investigating false positives and enables a faster focus on real threats.

Rising threats in the AI era

The announcements come as part of a broader AWS effort to reinforce trust in the cloud at a time of accelerated AI development. Cybercriminals are already using generative AI to create new forms of social engineering, probe for vulnerabilities, and mimic legitimate system behaviour.

The combination of scale, speed, and sophistication presents a new security reality: simple safeguards are no longer enough. Cloud platforms must integrate intelligence and insight directly into their fabric.

To that end, AWS pointed to improvements in cryptographic agility, support for confidential computing, and increased visibility across all layers of the infrastructure stack.

Balancing innovation with control

The re:Inforce conference focused on a central paradox: the need for security to keep pace with innovation. Customers want agility, but without increasing risk.

The new services highlight AWS’s approach to solving that tension, by embedding smart tools in the background while giving customers clear guidance up front.

By combining AI-driven detection with simplified interfaces and integration with AWS’s broader ecosystem, the company hopes to help organisations grow securely without slowing down.

As these tools roll out, they signal a broader evolution of cloud security: from building barriers to building confidence.

* Arthur Goldstuck is founder of World Wide Worx and author of “The Hitchhiker’s Guide to AI”.