Security for agentic AI on AWS - AWS Prescriptive Guidance

Security for agentic AI on AWS

James Schafer and Melanie Li, Amazon Web Services

January 2026

While agentic AI systems might be a relatively new concept, many of the security risks they present have well-known, effective controls.

This guide provides practical security recommendations for developing hosted agentic AI systems that follow the perceive, react, act layer architecture. Hosted agentic AI systems can support various business outcomes with differing risk tolerance levels. Because of this variance, how applicable each best practice in this guide is depends on your use case. Adoption of suitable controls can be phased in and enhanced through the lifecycle of the system based on organizational priorities. It's critical to understand which threats are relevant to your workload in order to understand which controls will be effective in achieving alignment with your risk appetite.

For any threat identified, you should implement multiple controls across more than one security control type. This guide maps its best practices to the OWASP Top 10 for Large Language Model Applications. It also includes recommendations from multiple sources, focusing on the highest priority aspects for hosted agentic AI systems.

Intended audience

This guide is for architects, developers, and technology leaders who need to safely and compliantly operate AI-driven software agents. To understand the concepts and recommendations in this guide, you should be familiar with modern cloud-native architectures and distributed systems, large language models, foundation model capabilities, DevOps, and platform engineering.

Objectives

This guide helps you do the following:

  • Understand the design decisions that relate to securely operating hosted agentic AI systems

  • Determine how to design and operate hosted agentic AI systems in accordance with your target risk posture

  • Align functional controls with industry frameworks

About this content series

This guide is part of a series about agentic AI on AWS. For more information and to view the other guides in this series, see Agentic AI on the AWS Prescriptive Guidance website.