AWS Summit New York 2026 opened at the Javits Center on June 17, and the most substantive announcements were for Amazon Bedrock AgentCore — the platform AWS is building for enterprises that need to run AI agents at scale inside a secured cloud environment.

Three new capabilities were introduced that address the practical gaps stopping many enterprise AI agent deployments from moving from proof of concept into production.

Managed Knowledge Base: Enterprise RAG Without the Build Work

Retrieval-augmented generation, or RAG, is the technique that lets AI agents answer questions based on a company’s own documents and data rather than just general training knowledge. The problem until now is that building a production-grade RAG pipeline is genuinely complex. You need to connect data sources, parse different file formats, chunk documents intelligently, maintain embeddings, and build query logic that can handle ambiguous questions.

Amazon Bedrock Managed Knowledge Base addresses this directly. It includes native data connectors for pulling from existing data sources, Smart Parsing for automatic multi-format data preparation (meaning it handles varied document types without manual formatting work), and an Agentic Retriever for complex multi-step queries that go beyond basic similarity search.

All of this integrates with AgentCore Gateway, so agents can access the knowledge base as part of their standard tool set without custom integration work. For enterprise teams that have been delayed by the engineering overhead of building RAG pipelines, this changes the timeline significantly.

Web Search: Current Knowledge Inside a Secure Environment

A common limitation with enterprise AI agents is that their knowledge cuts off at a training date. For agents handling tasks that depend on current market conditions, recent regulatory changes, or live industry news, static training data is a problem.

AWS has added Web Search to AgentCore, allowing agents to ground responses in current, cited web knowledge. The notable feature here is zero data egress from the customer’s secured AWS environment. The agents access current web content but the data never leaves the customer’s cloud boundary — addressing a concern that has caused enterprise security teams to block web-enabled AI features at other platforms.

AgentCore Optimization: Agents That Learn from Production Use

Perhaps the most forward-looking of the three announcements is AgentCore Optimization, which turns production traces into continuous improvements. When agents complete tasks in production, the system can analyse those traces to identify where agents performed well, where they took inefficient paths, and where they produced outputs that were rated poorly.

This creates a feedback loop for agent improvement that does not require developers to manually identify failure cases and retrain from scratch. For organisations running agents across hundreds of daily interactions, this is how agent performance gets better over time without constant human intervention.

Security Architecture: Firecracker MicroVM Isolation

Underpinning all of these features is a security architecture detail that matters for enterprise risk teams. Each AI agent session in AgentCore runs in a dedicated Firecracker microVM. These virtual machines boot in under 125 milliseconds and impose CPU, memory, and filesystem isolation at the hardware-virtualization level.

That means agent sessions cannot access each other’s data, even when running on shared infrastructure. For enterprises managing agents that handle sensitive customer data, financial records, or proprietary business information, hardware-level isolation is a meaningful security guarantee.

What This Means for Business

The three features announced at AWS Summit NYC collectively address the most common enterprise objections to deploying AI agents in production.

The knowledge problem — agents not knowing your company’s data — is addressed by Managed Knowledge Base. The currency problem — agents not knowing what happened recently — is addressed by Web Search. The improvement problem — agents not getting better without developer intervention — is addressed by AgentCore Optimization. And the security problem — agents potentially leaking data across sessions — is addressed by Firecracker microVM isolation.

This is the pattern of enterprise AI infrastructure maturing. The early agent deployments from 2024 and 2025 required substantial custom engineering to make agents trustworthy enough for production. The current generation of platforms is absorbing that engineering complexity as managed infrastructure, lowering the skill and cost barrier for deployment.

For businesses evaluating whether to build custom AI agent workflows or use managed platforms like AWS AgentCore, the feature set announced at AWS Summit NYC makes the managed path considerably more attractive than it was six months ago.

Enterprise DNA’s Omni Ops service helps businesses design and deploy AI agent workforces tailored to their operations — from initial workflow mapping through production deployment and governance. If your organisation is at the stage of moving from AI pilots into production, the infrastructure now exists to do it at scale.

Talk to the team about AI agent deployment