AWS Expands Security and Developer Tooling with Security Hub Updates and Builder Center Milestones
AWS has officially expanded its cloud security and developer ecosystem, introducing public internet network scanning for Security Hub, unified security management for Microsoft Azure, and marking the one-year anniversary of the AWS Builder Center. These updates aim to provide deeper visibility into hybrid cloud environments while centralizing resources for developers and architects.
AWS Security Hub Adds Network Scanning and Azure Integration
Amazon Web Services has upgraded Security Hub to provide more granular visibility into public-facing infrastructure. The newly introduced Network Scanning capability actively probes resources from the public internet to confirm reachability, moving beyond simple configuration checks. According to official AWS documentation, this feature identifies public IP addresses, virtual machines, and load balancers across both AWS and Microsoft Azure environments.
By identifying reachable ports and the services running behind them, Security Hub generates findings that correlate with existing resource configurations. This allows security teams to assess actual exposure rather than relying solely on theoretical risk. For new users, this feature is enabled by default as part of AWS Security Hub Essentials at no additional cost.
Furthermore, AWS has extended its unified security posture management to include Microsoft Azure. Security teams can now monitor Azure-native resources—such as container images, Function Apps, and identities—directly within the AWS interface. Findings from both clouds are presented in a unified format, supporting consistent automation workflows and prioritized vulnerability management.

One Year of AWS Builder Center: Growth and Community Impact
The AWS Builder Center, which launched in July 2025, has reached its one-year milestone with a significant expansion of its community-driven ecosystem. According to a retrospective published by Jeff Barr, the platform has hosted 6,448 articles from 5,548 authors, accumulating over 10.4 million page views.
The platform serves as a central hub for technical documentation, workshops, and sandbox environments. Key growth metrics from the first year include:

- Community Engagement: Builders have earned nearly 100,000 badges since the system’s inception in March 2026.
- Product Feedback: Of the 565 feature wishes submitted by the community, 10 have already been implemented, with 20 more currently on the roadmap.
- Sandbox Environments: Rick Suttles introduced pre-provisioned, 8-hour sandbox environments that allow users to complete workshop exercises without requiring a personal AWS account or manual cleanup.
The most popular content on the platform includes technical guides on building AWS Study Buddies using MCP and Strands Agents SDK, as well as tutorials on migrating end-of-life Linux servers to AWS.
Infrastructure and AI Development Updates
AWS also announced significant updates to its AI and data infrastructure services aimed at reducing operational overhead:
* SageMaker Studio and Hugging Face: Users can now deploy or customize models from Hugging Face directly within SageMaker Studio with a single click. The integration provides pre-configured permissions for serverless fine-tuning and model evaluation, with verified customers gaining default access to high-performance GPU instances like G5 and G6.
* EKS and ECS Cost Reductions: Effective July 1, 2026, AWS reduced management fees for accelerated instances by up to 60%. P-series and Trainium instances saw the largest price drops, while G-series fees decreased by 35%. These changes apply automatically to existing clusters.
* Aurora DSQL Change Data Capture (CDC): Generally available as of this month, Aurora DSQL CDC streams database operations directly to Amazon Kinesis Data Streams. This allows developers to synchronize data across microservices or trigger Lambda functions without impacting database performance.
Security and Governance for AI Agents
As enterprise adoption of AI agents grows, AWS has introduced new governance tools to manage deployments. The “Loom for AWS” project, available via AWS Labs on GitHub, provides an open-source platform for building agents with AWS Strands Agents. It includes identity provider integration, role-based access control (RBAC), and human-in-the-loop review processes.
Additionally, AWS introduced a “Claude apps gateway,” a self-hosted control plane designed to manage access, costs, and policy for Claude Code and Claude Desktop. The gateway supports OIDC-compliant identity providers and allows organizations to enforce spend caps on a per-user or per-group basis, ensuring that data remains within the AWS security boundary.
