AWS re:Invent 2025 - Intelligent security: Protection at scale from development to production-INV214

Source: Dev.to

Introduction

Good morning, and thank you for joining us. I’m Amy, the CISO for AWS, joined by Neha Rungta, a colleague, and Andrea Abell from Eli Lilly. We’ll discuss how to scale security teams in today’s fast‑changing environment, especially with the rise of generative AI.

AI and the Evolving Threat Landscape

• Gen AI lowers the cost of targeted attacks. Threat actors can now generate convincing, personalized phishing lures at scale.
• AI tools themselves are becoming targets. Prompt injection attacks are evolving; attackers embed malicious prompts in content that developer toolchains will execute.
• Autonomous AI agents increase attack complexity. Adversaries are planning for AI‑driven behaviors in their threat models.

While these trends introduce new risks, they also provide defenders with powerful capabilities to process information faster and more accurately.

Scaling Security: Three Core Strategies

1. Embed Security Expertise Throughout Development Workflows

• Move beyond the “shift‑left” mindset, which assumes a linear development timeline. Modern development is iterative and chaotic, especially with generative AI.
• Integrate security specialists into every phase of product design, coding, testing, and operations.
• Use security primitives and automated tools that become part of the developer’s everyday workflow, rather than an after‑the‑fact checkpoint.

2. Adapt to Changing Risks with the Right Metrics

• Traditional metrics (e.g., number of findings) are less useful in a non‑deterministic environment.
• Focus on fix speed, mean time to detect, and mean time to respond to gauge the effectiveness of security controls.
• Continuously measure and adjust based on how quickly threats are mitigated, not just how many are discovered.

3. Partner Closely with the Business

• Align security initiatives with actual business problems rather than treating security as a generic, one‑size‑fits‑all function.
• Work side‑by‑side with product owners, engineering, and operations to ensure security controls support business goals and user experience.
• Create a “flywheel” where security improvements enable faster innovation, which in turn funds further security investments.

AWS Internal Systems Highlighted

• Blackfoot: Handles ~312 trillion network flows daily, providing massive visibility into traffic patterns.
• MadPot: Engages with ~550 million malicious activities, enabling rapid detection and response.
• AWS Security Agent: Translates high‑level security intentions into concrete enforcement mechanisms across services.

These systems illustrate how AWS operationalizes the three scaling strategies at massive scale.

Customer Story: Eli Lilly

Andrea Abell described how Eli Lilly uses threat modeling for third‑party integrations in partnership with AWS. By embedding security early in the supply‑chain design and continuously measuring risk, they created a positive feedback loop that scales supply‑chain risk management across the organization.

Practical Benefits of AI‑Powered Security

• Log‑analysis acceleration: Internal processes that once took ~4 hours now average ~11 minutes, thanks to AI‑driven log parsing and correlation.
• Automated incident response: When a credential compromise is detected, AI automatically pulls relevant CloudTrail data, maps affected entities, and generates actionable recommendations for responders.
• Speed of response: Faster data collection and analysis enable security teams to contain threats before they spread laterally.

Key Takeaways

1. Embed security across all development and operational stages, treating it as a continuous, collaborative activity.
2. Measure what matters—focus on remediation speed and response effectiveness rather than sheer volume of findings.
3. Collaborate with the business to ensure security solutions address real‑world problems and drive a virtuous cycle of innovation and protection.

By adopting these approaches, security teams can keep pace with rapid AI advancements, evolving threat actors, and the scale required for modern cloud environments.