
AI CERTS


AWS Rex Boosts Agentic Security Detection for Cloud Defense

Why AWS Built Rex

Agentic AI can generate and execute code without constant supervision. Therefore, each action it takes widens the attack surface. AWS designed Rex to intercept every operation from those agents. Furthermore, Rex maps each call against Cedar policies, denying anything out of scope. This runtime gating blocks malicious or hallucinated commands before damage occurs.


Rex is open source under Apache-2.0. Moreover, the project supports community audits and integrations across cloud workloads. Industry analyst Tim Freestone praises the step yet warns about the remaining data-layer gap — a reminder that runtime checks alone cannot satisfy audits. Nevertheless, Rex delivers practical safety that organizations can deploy today.

Evolving Threat Landscape Now

Attacks grow faster as large models uncover fresh Windows flaws. Meanwhile, defenders struggle to write detection logic at comparable speed. The National Vulnerability Database logged more than 48,000 CVEs in 2025. Consequently, manual rule creation cannot keep pace. These realities motivated Amazon’s second toolset aimed at Agentic Security Detection.

  • RuleForge boosted throughput by 336% versus manual work.
  • The judge model cut false positives by roughly 67%.
  • 63% of firms lack purpose limits on agents, reports Kiteworks.
  • 60% cannot rapidly disable a misbehaving agent.

These statistics underline the urgency. However, they also reveal why automation must extend beyond runtime controls.

Inside RuleForge Detection Pipeline

RuleForge is an internal, multi-agent system that turns exploit proofs into alerts. Additionally, it evaluates each rule through automated tests, then a separate judge model scores precision. Human reviewers approve final output before production. Therefore, Amazon scales Agentic Security Detection without flooding analysts.

RuleForge ingests CVE descriptions, example payloads, and system telemetry. Subsequently, a planning agent crafts candidate patterns. Another agent transforms those patterns into executable rules. In contrast to earlier pipelines, validation runs in multiple sandboxes, lowering risk for cloud workloads and on-prem estates alike.

Cutting False Positive Rates

High alert volume overwhelms security teams. Fortunately, the judge model within RuleForge trims noise sharply. Moreover, AWS claims a 67% false-positive reduction while maintaining true positives. That balance keeps engineers focused on real threats, including emerging Windows flaws.

RuleForge currently targets AWS managed services, yet the approach could extend to Linux, macOS, and MDASH systems. Consequently, broader adoption may arrive through community forks or vendor partnerships.

Data-Layer Gaps Persist

Runtime gating stops unauthorized system calls. Nevertheless, compliance officers need purpose binding, identity-linked logs, and tamper-evident trails. The Kiteworks 2026 forecast shows only 43% of enterprises run a centralized AI data gateway. Consequently, many cannot verify that agent actions match declared business intent.

Five Eyes agencies issued joint guidance stressing layered defenses. In contrast to Rex, their document emphasizes data classification, provenance, and rapid kill-switches. Therefore, organizations pursuing Agentic Security Detection must pair runtime controls with data-layer governance.

Industry Guidance Quickly Emerges

Vendors now rush to address the gap. CrowdStrike integrates Rex with its Falcon platform. Meanwhile, Kiteworks releases policy engines tailored for cloud workloads. Moreover, the Linux Foundation plans working groups that map MDASH frameworks to agent controls. These moves demonstrate market momentum.

Professionals can validate their expertise through the AI Security Compliance™ certification. This credential tests runtime and data-layer design skills vital for emerging architectures.

Strategic Recommendations Moving Ahead

Enterprises adopting agentic AI should follow four practical steps. Firstly, deploy Rex in controlled sandboxes and refine Cedar policies. Secondly, integrate RuleForge outputs with existing SIEMs to accelerate Agentic Security Detection. Thirdly, layer data gateways that monitor purpose alignment across cloud workloads. Finally, run red-teaming exercises that exploit recent Windows flaws and MDASH vulnerabilities.

  1. Map agent privileges to least-privilege Cedar rules.
  2. Feed new CVEs into a RuleForge-like pipeline.
  3. Adopt identity-bound, tamper-proof audit logs.
  4. Train staff via vendor labs and accredited programs.

These steps reduce exposure and demonstrate due diligence to regulators. Moreover, they prepare teams for the next influx of vulnerabilities revealed by advanced models.
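The identity-linked, purpose-bound, tamper-evident trail called for under "Data-Layer Gaps Persist" and in step 3 above can be sketched as an HMAC hash chain. This is an added example, not code from Rex, RuleForge or Kiteworks; the field names, agent ID, purposes, resources and key are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
FIELDS = ("seq", "agent_id", "purpose", "action", "resource")  # assumed schema

def _mac(key, prev, body):
    # The MAC covers the previous entry's MAC, so an edit or reorder breaks the chain.
    payload = prev + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def append(log, key, agent_id, purpose, action, resource):
    """Append one entry. The key is held by the log service, never by the agent."""
    body = dict(zip(FIELDS, (len(log), agent_id, purpose, action, resource)))
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "prev": prev, "mac": _mac(key, prev, body)})

def verify(log, key, declared):
    """Return [(seq, problem)] for broken links and for purposes the agent never declared."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        body = {k: e[k] for k in FIELDS}
        intact = (e["seq"] == i and e["prev"] == prev
                  and hmac.compare_digest(e["mac"], _mac(key, prev, body)))
        if not intact:
            problems.append((i, "chain broken"))
        elif e["purpose"] not in declared.get(e["agent_id"], set()):
            problems.append((i, "purpose not declared"))
        prev = e["mac"]  # follow stored MACs so one edit is reported once
    return problems

def demo():
    """Constructed sample: two in-scope actions, one outside the declared purpose."""
    key, log = b"constructed-demo-key", []
    append(log, key, "agent-7", "patch-triage", "read", "s3://example-bucket/cve-feed.json")
    append(log, key, "agent-7", "patch-triage", "write", "ticket/1234")
    append(log, key, "agent-7", "data-export", "read", "s3://example-bucket/customers.csv")
    declared = {"agent-7": {"patch-triage"}}
    before = verify(log, key, declared)
    log[1]["resource"] = "ticket/9999"  # simulated after-the-fact edit
    return before, verify(log, key, declared)

if __name__ == "__main__":
    print(demo())
```

A chain like this detects edits, reordering and deletions in the middle; detecting truncation of the newest entries additionally requires anchoring the latest MAC somewhere the log writer cannot change.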

Rex and RuleForge prove that automation can defend as effectively as it attacks. However, full coverage requires orchestration across runtime, data, and human processes.

Therefore, security architects should pilot both tools today. Meanwhile, they must measure outcomes against compliance goals and operational metrics.

Such measurement closes the loop, ensuring Agentic Security Detection investments drive measurable risk reduction.

In contrast, ignoring data-layer controls invites audit findings and escalated breach costs.

These insights shape executive roadmaps. Consequently, forward-looking organizations gain resilience while competitors react late.

Ultimately, balanced design will transform agentic AI from a liability into a scalable defense force.
