At its New York Summit on 17 June 2026, AWS introduced two new services aimed at the gap between how much data an organisation generates and how much of it its security and engineering teams can actually act on. AWS Context builds a real-time knowledge graph out of an organisation’s infrastructure, permissions, network topology, code, and internal documentation. AWS Continuum, now available for code vulnerabilities in gated preview, uses that graph to work through the entire lifecycle of a vulnerability without waiting for a person to pick up the ticket.
What Continuum actually does
Continuum ingests findings from existing scanning tools as well as its own, then prioritises them against the context graph rather than a generic severity score. Once a finding is flagged, it attempts to validate exploitability by building a reproducible proof of concept inside an isolated sandbox, rather than asking a human to first confirm the finding is real. From there it can apply fast, reversible mitigations within guardrails an organisation defines, followed by a durable fix.
Crucially, Continuum starts in a learn mode with a human in the loop for every action, and every recommendation ships with the reasoning behind it. Teams can graduate specific categories of finding to an enforce mode over time, as confidence in the tool’s judgement builds, rather than switching on full automation from day one. AWS has named Capital One, MongoDB, Rivian, and Robinhood as design partners during the preview phase.
The case for it, and the questions it raises
The pitch is straightforward: most organisations do not have a shortage of vulnerability findings, they have a shortage of the triage capacity needed to work through them, and the gap between disclosure and remediation is exactly where attackers operate. A service that validates exploitability automatically and proposes reversible fixes addresses a real bottleneck that manual processes struggle to keep pace with, particularly as the volume of dependencies and generated code continues to grow.
It also raises the governance questions that come with any system granted the ability to make changes to production code paths, even reversible ones. European organisations subject to NIS2 and sector-specific operational resilience requirements will need to think carefully about what “human in the loop” means in practice, how the guardrails for an eventual enforce mode are defined and audited, and how a Continuum-driven change is documented for compliance purposes compared with a change made by an engineer. None of that is a reason to avoid the tool. It is a reason to plan the governance model before flipping any category from learn mode to enforce mode.
What this means for teams evaluating it
Organisations already running substantial AWS workloads should treat the gated preview as an opportunity to understand how Continuum’s prioritisation and validation logic behaves against their own environment before enforcement decisions are on the table. That evaluation is also the right moment to define which categories of finding, if any, are appropriate candidates for automated remediation, and which should remain a human decision regardless of how the tool performs.
If your organisation wants help evaluating AWS Continuum or AWS Context for your environment, or needs a governance framework for how automated remediation tools fit into your existing change management and compliance processes, contact Excello Digital. We help European teams adopt AWS’s newest security tooling without losing sight of the audit trail regulators expect.
