AWS New York Summit 2026: Building a Governed Foundation for Enterprise AI Agents

Data stewards manage the graph through a console, where they review machine-inferred relationships, promote them to production, and attach domain-specific definitions and usage rules . Crucially, the service is built with governance in mind from day one:

• Identity-aware access controls ensure agents only see data their users are authorized to view .
• Apache Iceberg integration is handled through AWS Lake Formation, which provides coarse and fine-grained access permissions—down to the cell level—for Iceberg tables consumed by engines like Athena and Amazon Redshift .

This combination of automated knowledge mapping and granular access control is designed to solve a persistent enterprise problem: giving powerful AI agents enough context to be useful without letting them run loose across sensitive data .

AgentCore Hits Major General Availability Milestones

Alongside AWS Context, the company brought key components of its Amazon Bedrock AgentCore platform to general availability, moving the agent-building ecosystem from experimental to production-ready:

• Amazon Bedrock Managed Knowledge Base is now generally available. This fully managed RAG service handles the heavy lifting of ingestion, parsing, and retrieval natively. It integrates directly with AgentCore, allowing developers to connect agents to knowledge bases with auto-generated permissions and built-in observability . It is live in multiple regions, including US East, US West, Asia Pacific, and Europe .
• Web Search on AgentCore reached GA simultaneously, giving agents the ability to retrieve and act on information from live web and paid knowledge sources .
• Managed Agent Harness also went GA, offering a configuration-driven approach where developers declare a model, tools, skills, and instructions to get a production-quality agent running in minutes .
• New AgentCore optimization capabilities were unveiled, turning production traces into continuous improvement loops. Teams can now analyze failure patterns, intent, and trajectory insights across hundreds of agent sessions to debug and refine behavior .

These releases solidify AgentCore’s position as the secure, observable, multi-model platform for building and scaling AI agents that AWS first previewed in 2025 .

Security Integrations: SentinelOne and Rubrik Join the AgentCore Ecosystem

As agents become more autonomous, the security perimeter must expand to cover their decisions. AWS addressed this with two high-profile integration announcements:

• SentinelOne announced plans to integrate its Prompt Security capabilities directly with Amazon Bedrock AgentCore. The integration will feed runtime detection signals—such as prompt injection, personally identifiable information (PII) exposure, and anomalous tool usage—into AgentCore’s policy engine, enforcing real-time guardrails across all agent traffic .
• Rubrik announced its upcoming Rubrik Agent Cloud (RAC) integration with AgentCore. This extends the security controls customers trust for data to the agent layer, providing unified visibility, governance, and surgical rollback across agent resources. A key feature is the ability to automatically discover AI agents built on Bedrock, giving security teams a complete inventory of their agentic attack surface .

Both announcements were made on June 17, 2026, at the New York Summit and are expected to launch later this year .

Where Evidence Falls Short: S3 Annotations and Glue Catalog

Two items from pre-summit speculation did not appear in confirmed announcements. Searches across the official AWS Top Announcements blog post, the About Amazon summary, and other summit coverage did not surface a general availability declaration for Amazon S3 Annotations . Similarly, a specific preview of business context and semantic search for AWS Glue Data Catalog was not corroborated in the available sources from the June 2026 summit . These capabilities may be in development or launched in a different venue, but for now they remain unconfirmed as part of this event.

What This Means for Enterprise AI

The 2026 NYC Summit marks an inflection point. AWS is no longer just providing the tools to build agents; it’s building the governed infrastructure layer that makes them safe for production. AWS Context brings a single, authoritative knowledge graph to every agent in an organization. AgentCore’s GA releases make building, deploying, and debugging those agents a managed experience. And the security integrations from SentinelOne and Rubrik signal that the industry is treating agent security as a first-class problem, not an afterthought.