BeijingJune 18, 2026 /PRNewswire/ — Amazon Web Services (AWS) announced a series of new features for Amazon Bedrock AgentCore, a one-stop platform for building, connecting, and optimizing agents, to help enterprises accelerate the development of agents with broader knowledge and continuous learning capabilities. These new features will open up channels for agents to connect with enterprise internal knowledge, public web knowledge, and paid knowledge resources, assist technical teams in quickly locating and fixing faults in production environments, and establish a management and control system that scales in tandem with the agent’s growing capabilities.
The models driving today’s agents are incredibly powerful. They can reason across complex problems, plan multi-step workflows, and generate precise and nuanced responses. However, the actual performance of most agents falls far short of this potential ceiling. The gap lies not in intelligence, but in accessing the right context and feedback.
A customer service agent responsible for answering questions about a company’s refund policy cannot provide effective support if it cannot access the policy documents stored in SharePoint. A research agent writing market briefs will produce incomplete output if it cannot access real-time information beyond its training data. A financial advisor agent can only offer suboptimal recommendations if it cannot break through paywalls to obtain the necessary real-time market data. In all these scenarios, most teams lack a systematic method to track how an agent’s performance changes after deployment.
Powerful models are just the starting point. The key to making agents effective in production is enabling them to access everything needed to complete their work: the right knowledge, resources to perform actions, and a feedback loop for continuous improvement.
Agents with Richer Knowledge and Broader Reach
Agents on Amazon Bedrock AgentCore now have native access to three layers of knowledge, each broadening the scope of what agents can reach and accomplish: the enterprise knowledge layer hosted by AgentCore, the public knowledge layer, and the paid knowledge layer.
Enterprise Knowledge Layer: Amazon Bedrock Managed Knowledge Base
An enterprise’s most valuable information is scattered across sources like SharePoint, Google Drive, Confluence, Amazon S3, and internal wikis. Traditionally, enabling an agent to use this information requires building custom data ingestion pipelines, tuning retrieval performance, and maintaining data timeliness over the long term. This often takes months of engineering work before an agent can answer basic questions related to the company’s own business.
The Amazon Bedrock Managed Knowledge Base, now available on AgentCore, can replace this work. Enterprises simply connect their unstructured data sources, and AgentCore handles the rest. The platform manages vector storage, embedding and re-ranking models used during retrieval, and scaling issues like rate limits, allowing teams to focus on building agents rather than operating data pipelines. The core of this feature is an agentic retriever that goes far beyond traditional Retrieval-Augmented Generation (RAG). Instead of matching a query to the closest text snippet, it plans queries across the enterprise’s knowledge bases, connects related concepts across documents, evaluates intermediate results, and re-ranks them before answering. For complex, multi-intent queries involving multiple topics, the breadth and completeness of information retrieved by the agentic retriever are significantly better than basic retrieval methods.
Without building pipelines or tuning retrieval, agents can transition from being “unable to access” to providing comprehensive answers based on actual business knowledge.
Public Knowledge Layer: Web Search on Amazon Bedrock AgentCore
Internal knowledge has its limitations. Regulations are constantly updated, markets are continuously changing, and competitors are always launching new products. For agents to perform at their best, they need access to real-time dynamics outside the enterprise to support research, fact-checking, customer service, market intelligence analysis, and more. Now, AWS has launched a new tool called Web Search for developers building AI agents. It provides information from the web while keeping data within the customer’s secure AWS environment.
Web Search is built on AWS’s unified search infrastructure, which also powers products like Alexa+, Amazon Quick Suite, and Kiro. It is optimized for agentic retrieval, returning high-value excerpts with extremely high token intelligence density. It also employs a multi-source fact anchoring approach, combining public web information with AWS’s proprietary knowledge graph. This graph integrates structured entity data, verified facts, and real-time information such as stock prices and sports scores.
Web Search keeps user queries within AWS’s security and compliance boundaries, without introducing additional vendors or the associated orchestration, authentication, or billing workflows. Whether an enterprise is building a research agent that cross-references public sources, a compliance agent monitoring regulatory and policy updates, or using the latest information to anchor model responses, agents can now reason over real-time web information as easily as querying internal knowledge.
Masahiro Oba, Senior General Manager at Sony Group Corporation, stated: “At Sony, we are building an enterprise-level AI agent platform on Amazon Bedrock AgentCore, enabling teams across various business units to develop, share, and reuse AI agents tailored to their specific needs, ranging from knowledge assistants to workflow automation agents. Our enterprise knowledge resides in various repositories like SharePoint, Confluence, and Amazon S3, containing complex documents such as PDFs, presentations, and spreadsheets with charts and tables. With the launch of Knowledge Base and Web Search in Amazon Bedrock AgentCore, we can now equip our intelligent agents with advanced retrieval and real-time web fact-anchoring capabilities under a unified governance model, without having to build these features from scratch. This powerfully accelerates our vision of using AI as a catalyst to fundamentally change how people work at scale.”
Paid Knowledge Layer: AgentCore Payments and Amazon WAF AI Monetization
The best information isn’t always free, for example: financial market data, licensed research, proprietary datasets, and paid APIs. If an agent cannot access paid resources, it will return suboptimal answers, and users will never know what they missed.
Accessing paid content requires two parts: a payment capability on the agent side and a collection mechanism on the provider side. The Amazon Bedrock AgentCore Payments feature (preview), launched last month, handles the agent side, allowing agents to discover paid services and content, access them, and make payments within the execution loop. Now, the generally available Amazon WAF AI Monetization feature handles the provider side, enabling content owners to control agent access: they can choose to block, allow, or charge. Because both features run on the same platform, providers using Amazon WAF automatically recognize agents authenticated on Amazon Bedrock AgentCore. This creates a trusted channel: verified agents enjoy lower access friction, and content providers receive appropriate compensation. Together, these two capabilities build the bilateral infrastructure for the agent economy, allowing agents to access all information—not just what happens to be free.
Agents That Learn from Every Interaction
Enhancing an agent’s knowledge acquisition is only one aspect of the problem. Enterprises also need to understand whether the agent is truly achieving its goals and identify problems when performance is poor.
This is easier said than done. The most dangerous agent failures are not those that throw errors, but those that look normal on a dashboard: an agent that confirms an order modification that was never executed, an agent that fabricates product availability when an API times out, or another that skips an approval step but shows a 99% success rate on the dashboard. These failures don’t generate error signals. They surface weeks later through customer complaints, often after affecting thousands of sessions. Even when a team senses a problem, fixes are mostly guesswork: tweaking prompts, modifying tool descriptions, fine-tuning orchestration logic, and hoping the changes work, with no systematic way to verify if the changes actually improved performance or quietly caused other issues.
Now, AWS announces new optimization features in Amazon Bedrock AgentCore that transform production traces into continuous improvement. Together, they form a closed loop: understand the agent’s actual behavior, generate data-driven fixes, validate them before release, and prove their effectiveness.
Understanding Agent Behavior: The Insight feature, now available in preview, provides rich insights into failures, intents, and trajectories across hundreds of sessions, revealing patterns that no dashboard or individual trace review can uncover. Failure insights can detect recurring failure patterns, including covert behavioral failures that don’t generate error signals, explain the root cause of each failure in detail, and prioritize them based on the breadth of impact, allowing teams to see at a glance which issues harm users the most and fix them first. Intent insights cluster requests based on the user’s actual intent, revealing how the agent is truly being used. Trajectory insights group the paths agents take to complete tasks, enabling the discovery of common patterns and outliers. Continuous monitoring can be enabled through daily or weekly reports, or targeted investigations can be conducted after deployment or when complaints surge, with results available in minutes.
Fixing with Confidence: Once teams know what to change, the generally available Suggestions and A/B Testing features help them take action. The Suggestions feature analyzes traces and evaluation outputs to propose specific improvements to system prompts and tool descriptions, based on the agent’s actual behavior. Batch evaluation tests these suggestions against defined test datasets and reports overall scores, catching regressions before changes go into production. A/B Testing conducts controlled comparisons between agent versions by splitting live production traffic, providing real evidence that changes are effective under production conditions before finalizing. All of this works regardless of where the agent runs: on the Amazon Bedrock AgentCore runtime, Amazon Lambda, Amazon EKS, or non-AWS environments.
Kazumi Matsuda, Senior Manager of AI Promotion at FUJISOFT, stated: “At FUJISOFT, we are building AI agents to accelerate software development and operations. Our framework, Character Capsule, packages agent roles, skills, and procedures into reusable capsules that can run on local coding tools like Copilot and Kiro, and scale to Amazon Bedrock AgentCore for multi-agent orchestration. As we deploy more agents, our biggest challenge has been hidden failures that look fine initially but surface later, with fixes relying on guesswork. The optimization features in Amazon Bedrock AgentCore change this. They analyze our production traces to reveal failure patterns, explain why they occur, and prioritize them by impact. We then receive suggestions for improving prompts and tool descriptions, and A/B test them on live traffic before committing. Agent improvement is now a continuous loop built on data, not trial and error.”
As Agent Capabilities Grow, Governance Must Scale: New Policy Enhancements
More capable agents mean a larger attack surface. And agents introduce security challenges that traditional software never had: they are probabilistic. Agents make judgments, and judgments can be influenced by context. The new risk exposure point is no longer the network, but the agent’s context. Prompt injection and memory poisoning don’t require breaking into a system; they only require convincing the agent to make a wrong judgment.
The way to secure probabilistic things is to use deterministic things: not as the brain, but as the guardrails around it. The Policy feature in Amazon Bedrock AgentCore already provides real-time deterministic control at the gateway, defining what an agent can or cannot do with an enterprise’s tools and data. Now, AWS has extended these capabilities with the integration of Amazon Bedrock Guardrails, now generally available, which evaluates each agent action to prevent prompt injection attempts, harmful content, and sensitive data exposure. These checks run at the gateway layer, outside the agent’s code, so the agent cannot see them in its context, reason around them, or convince itself they don’t apply.
Guardrails are the first of many detection signals that the policy engine can act upon, and it won’t be limited to the platform’s own signals. Soon, AgentCore will allow detection signals from leading security providers, including CheckPoint, Zscaler, Rubrik, Netskope, and SentinelOne, to be fed into the same policies. Regardless of where the signal comes from, the principle remains the same: detection can be probabilistic, but policy enforcement is always deterministic, making a final allow or deny decision based on established thresholds.
Because every tool and context source on Amazon Bedrock AgentCore is routed through the gateway, any new capabilities an agent gains are automatically subject to the same security layer. More powerful agents, stricter controls, scaling in tandem.
From Idea to Running Agent in Minutes: Amazon Bedrock AgentCore Harness Now Generally Available
An agent is more than just a model. If the model is the brain, then the Harness is the body: everything the brain needs to get its work done. It runs the orchestration loop, executes tools, manages the context window, persists state across turns, recovers from failures, and isolates each session. The Harness impacts agent performance as much as the model. Building a durable Harness is where most teams spend the most time today.
The now generally available Amazon Bedrock AgentCore Harness provides enterprises with managed capabilities at the runtime layer. Instead of writing code for the entire execution flow, agents are defined through configuration: the model they use, the tools they call, the skills they can access, and the instructions they follow. AgentCore dynamically assembles and drives this execution flow. With this single configuration, enterprises can have a working agent running in their own isolated environment in minutes. It comes with a file system and shell, cross-session memory, Skills (including a curated catalog of AWS official Skills), and web browsing capabilities. This is not a starter tool that becomes obsolete as the business scales: the configuration used at the start is the same one used for large-scale operations, and when custom orchestration is needed, the Harness can be exported as code and remain on the same platform without rebuilding anything.
Beyond speed, what it truly unlocks is the freedom of choice that doesn’t yet exist in the market. Currently available Harness solutions lock enterprises into something: open-source solutions require self-hosting and operating the Harness; managed services lock enterprises into their environments; model vendor Harnesses are optimized only for their own models. AWS decouples the Harness from the model, allowing enterprises to choose any model, or even switch models mid-session, without changing the agent logic. As cutting-edge technology advances and the best model for a task changes, the enterprise’s agent infrastructure remains stable.
Choice is only part of it. Because the Harness is an integral part of a single platform, rather than a managed layer wrapped around a framework, every tool invocation is routed through the same gateway—which not only enforces security policies but also connects the agent to enterprise knowledge, web knowledge, and paid knowledge. Identity, memory, and observability all come from this same platform, so every action an agent takes is governed and traced from the first call, without additional wiring. The agent declared on day one is the agent running on day one thousand, built on the same foundation from start to finish.
Omar Paul, Vice President of Product at Twilio, stated: “Twilio’s customers are building AI agents that span voice, messaging, and digital channels, with real-time intelligence and persistent memory, making every interaction feel like a conversation. By combining the Amazon Bedrock AgentCore Harness with Twilio Conversations, developers can go from idea to live agent without rebuilding infrastructure. The best customer experiences come when great AI and great communications infrastructure are built together.”
Getting Started
The Harness runtime hosting, Managed Knowledge Base, Web Search, Guardrails integration, Suggestions, and A/B Testing features are all generally available on Amazon Bedrock AgentCore, while the Insights and Payments features are available in preview. Users can start using these new features through the console or the AgentCore CLI. For more details, please visit the official documentation.