AWS Continuum Infers Vulnerabilities in Code, Infrastructure, and Business Contexts
AWS announces "AWS Continuum," a new service that prioritizes vulnerabilities by considering code scans, infrastructure configurations, access controls, network topology, and business priorities. The service is designed to avoid reliance on any specific AI model.
Amazon Web Services (AWS) announced a new service, AWS Continuum for code vulnerabilities, on June 22, 2026. Unlike traditional code scanning tools, this service leverages infrastructure configurations, access permissions, network topology, business priorities, and unstructured data such as documents to infer system vulnerabilities. According to an article by Publickey, this service is distinct in that it does not rely on any single AI model. Instead, it operates using a combination of multiple state-of-the-art AI models.
Understanding Context Beyond Code Scanning
Traditional vulnerability scanning methods focus on static and dynamic analysis of source code or binaries, primarily detecting known vulnerability patterns. However, determining the actual risk of these vulnerabilities in operational environments is challenging when analyzing code alone. For instance, whether a vulnerability in a certain library exists along a critical production path, or whether access controls make exploitation practically impossible, cannot be determined solely from the code.
AWS Continuum addresses this issue by integrating infrastructure configuration data from within AWS accounts. It collects data on operational environments, including VPC configurations, security groups, IAM policies, subnet settings, and load balancer configurations, and combines this data with code scan results for evaluation. Moreover, AWS Continuum incorporates unstructured data such as business documents, design papers, and compliance requirements as contextual information, enabling prioritized assessments of impact scope.
Three Features in One Platform
AWS Continuum is offered as a restructured version of the existing AWS Security Agent. The penetration testing and code scanning functions previously handled by the Security Agent are now integrated into the platform as AWS Continuum for penetration testing and AWS Continuum for code scanning, respectively. This integration allows users to manage vulnerability detection, prioritization, and remediation recommendations from a unified dashboard.
In addition, a new feature, Continuum for threat modeling, has been introduced in preview. This feature automatically generates threat models based on design documents and source code, presenting results in the industry-standard STRIDE format (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). By visualizing threats during the design phase, this feature strengthens shift-left practices compared to traditional tools.
Mechanism of Vulnerability Inference
The process flow of AWS Continuum for code vulnerabilities is described as follows:
First, a proprietary vulnerability scan is conducted to identify vulnerabilities and related attack vectors in the code and its dependencies. Next, data related to infrastructure configurations, access permissions, network topology, and business documents is collected and assessed using the following criteria:
- Whether the affected components are actually deployed
- Whether they are accessible along potential attack paths
- Whether they reside on critical paths in production environments
- The degree of business impact in case of exploitation
Based on this evaluation, the identified vulnerabilities are assigned priority levels. To confirm the accuracy of detection results and eliminate false positives, exploit examples are constructed in a sandbox environment, providing reproducible evidence. Additionally, existing defense measures (e.g., WAF rules, security groups, patch status) are assessed, and mitigation or remediation measures—such as code fixes, network changes, or policy updates—are recommended. Where feasible, the platform also presents visualized impact scopes and rollback paths.
This comprehensive process enables developers and security teams to identify and address high-priority vulnerabilities among the numerous alerts they receive, thereby optimizing their response strategy.
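To make the prioritization criteria above concrete, here is an added illustration in Python; it is not AWS's implementation (the weighting AWS Continuum uses is not described in the article). It scores constructed scanner findings against constructed inventory data using the four criteria listed above plus the existing-defense check, and keeps every factor so the resulting ranking is explainable. The multipliers, component names, issue identifiers and context fields are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    component: str  # library or service flagged by the code scan
    issue: str      # scanner's identifier (constructed placeholder, not a real CVE)
    cvss: float     # base severity from the scan, 0-10

@dataclass
class Context:
    deployed: set[str]                 # components present in the account inventory
    reachable: set[str]                # components on a potential attack path (public LB, open SG)
    critical_path: set[str]            # components on a production-critical path
    business_impact: dict[str, float]  # component -> impact weight 0-1, from business documents
    mitigated: set[str]                # components already covered by a WAF rule, patch or closed SG

def prioritize(finding: Finding, ctx: Context) -> dict:
    """Score one finding and keep every factor so the result is explainable."""
    factors = {"cvss": finding.cvss / 10.0}
    if finding.component not in ctx.deployed:
        factors["deployed"] = 0.0  # not running anywhere: no operational risk
        return {"score": 0.0, "factors": factors}
    factors["deployed"] = 1.0
    factors["reachable"] = 1.0 if finding.component in ctx.reachable else 0.3
    factors["critical_path"] = 1.0 if finding.component in ctx.critical_path else 0.5
    factors["business_impact"] = ctx.business_impact.get(finding.component, 0.2)
    factors["mitigated"] = 0.5 if finding.component in ctx.mitigated else 1.0
    score = 1.0
    for weight in factors.values():
        score *= weight  # assumed multiplicative weighting, chosen for illustration
    return {"score": round(score, 3), "factors": factors}

def ranked_components(findings: list[Finding], ctx: Context) -> list[str]:
    """Components ordered from highest to lowest contextual priority."""
    return [f.component for f in sorted(findings, key=lambda f: prioritize(f, ctx)["score"], reverse=True)]

# Constructed sample data: four scanner findings and the context an account inventory might yield.
SAMPLE_FINDINGS = [
    Finding("payment-api", "ISSUE-0001", 7.5),
    Finding("report-batch", "ISSUE-0002", 9.8),   # high CVSS, but internal and non-critical
    Finding("legacy-lib", "ISSUE-0003", 9.1),     # still in the repo, no longer deployed
    Finding("public-web", "ISSUE-0004", 8.0),
]
SAMPLE_CONTEXT = Context(
    deployed={"payment-api", "report-batch", "public-web"},
    reachable={"payment-api", "public-web"},
    critical_path={"payment-api", "public-web"},
    business_impact={"payment-api": 0.9, "public-web": 0.7, "report-batch": 0.4},
    mitigated={"public-web"},  # an existing WAF rule covers the flagged component
)

if __name__ == "__main__":
    print(ranked_components(SAMPLE_FINDINGS, SAMPLE_CONTEXT))
```

Run as written, the 7.5-severity finding on the exposed, business-critical payment-api ranks first, while the 9.8-severity finding in the unreachable batch job drops to third and the undeployed library scores zero, which is the reordering the article attributes to contextual evaluation.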
AI Model-Agnostic Design
One of the key design decisions behind AWS Continuum is its independence from specific AI models. As highlighted in the Publickey article, the service employs multiple AI models, each excelling in a different domain, and is structured to incorporate new, high-performance models as they become available.
This approach sets AWS Continuum apart from competing services that rely on a single large language model (LLM). By combining task-specific models—such as those optimized for static analysis, contextual understanding, and exploit validation—AWS aims to achieve both precision and flexibility. Moreover, the platform’s ability to integrate models beyond its proprietary Amazon Bedrock broadens the range of choices available to customers, aligning with a strategy to support diverse ecosystems.
Industry Impact and Practical Challenges
The launch of AWS Continuum marks a new direction in the application of AI to cloud security. While traditional SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) have focused on code and runtime behavior, the integration of infrastructure and business contexts into risk assessments enables a more realistic evaluation of vulnerabilities.
However, practical challenges remain. Incorporating unstructured data depends heavily on the quality of documents and design papers. Using incomplete or outdated documentation as context could lead to incorrect prioritization. Additionally, the architecture that integrates multiple AI models may face complexities in managing output consistency and latency. The extent to which AWS has addressed these issues will only become clear as user experiences accumulate.
Pricing models for the service also warrant attention. While the Publickey article does not provide specific details, services utilizing multiple AI models are generally expected to incur higher costs. It is likely that pricing will be based on the number of resources scanned and usage frequency.
Editorial Opinion
In the short term, AWS Continuum is expected to serve as a natural upgrade path for existing Security Agent users, particularly for organizations managing large-scale multi-account environments. The unified dashboard for code scanning and penetration testing has the potential to reduce operational burdens on security teams. However, the balance between accuracy in processing unstructured data and minimizing false positives will be a critical factor for the platform’s success in real-world applications.
From a long-term perspective, AWS Continuum’s multi-model strategy could have a significant impact on the cloud security industry. By avoiding reliance on a single AI model, AWS ensures adaptability to technological advancements and reduces the risk of obsolescence. If risk assessments incorporating infrastructure contexts gain widespread adoption, the best practices for vulnerability management may shift from the code level to the system level. It remains to be seen whether other cloud providers will follow suit.
The editorial team believes that AWS Continuum’s true value lies in its “transparency of inference,” which will be crucial for gaining trust and widespread acceptance.
Frequently Asked Questions
- How does AWS Continuum differ from traditional vulnerability scanning?
- Traditional scanning focuses on detecting code-level vulnerabilities, whereas AWS Continuum incorporates contextual information such as infrastructure configurations, access permissions, network topology, and business documents to prioritize vulnerabilities based on real-world attack paths and business impact. It also includes sandbox exploit replication and evaluations of existing defense measures.
- What output format does Continuum for threat modeling provide?
- It generates threat models in the STRIDE format, which categorizes threats into six types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This format is an industry-standard framework that systematically represents threats during the design phase.
- What are the benefits of AWS Continuum’s model-agnostic design?
- By not relying on a single AI model, AWS Continuum can leverage the best models for specific tasks, such as static analysis, contextual understanding, and exploit validation. This ensures both higher accuracy and flexibility, while allowing the platform to integrate new high-performance models as they emerge, reducing the risk of technological obsolescence.