Amazon Bedrock AgentCore: Building Enterprise AI Agents at Scale
AWS launches Bedrock AgentCore with Runtime, Gateway, Memory, Identity, and Policy services for building enterprise AI agents at scale.
The Enterprise AI Agent Infrastructure Gap
Building production-grade AI agents is deceptively difficult. Prototyping a conversational agent that calls a few APIs takes a weekend. Shipping one that handles authentication, enforces access policies, maintains conversation memory across sessions, scales to thousands of concurrent users, and recovers gracefully from failures takes months of custom engineering. Most enterprise teams spend 70 to 80 percent of their agent development time on infrastructure plumbing rather than business logic.
AWS recognized this gap and responded with Bedrock AgentCore, a purpose-built platform announced at re:Invent 2025 and generally available as of February 2026. AgentCore is not a single service but a coordinated suite of five services designed to handle every infrastructure concern that enterprise AI agents require. The goal is straightforward: let engineering teams focus on what their agents do, not how they run.
The Five-Service Architecture
AgentCore is built around five tightly integrated services, each addressing a distinct infrastructure concern. Together, they form a complete foundation for deploying AI agents at enterprise scale.
Runtime: Serverless Agent Execution
The Runtime service provides serverless compute for agent workloads. Unlike traditional Lambda functions that are optimized for short-lived, stateless operations, AgentCore Runtime is designed for the unique execution patterns of AI agents: long-running reasoning chains, multi-step tool invocations, and asynchronous task completion.
Key capabilities include:
- Auto-scaling from zero to thousands of concurrent agent instances with no pre-provisioning
- Warm start optimization that keeps frequently invoked agents ready with sub-200ms cold start times
- Execution checkpointing that saves agent state at each reasoning step, enabling recovery from failures without restarting entire workflows
- Cost-per-invocation pricing that eliminates idle compute costs for agents with variable traffic patterns
For enterprises running hundreds of distinct agent types, Runtime eliminates the operational burden of managing dedicated compute clusters for each one.
Gateway: Unified Tool Access
AI agents are only as useful as the tools they can access. The Gateway service provides a unified interface for agents to interact with external APIs, databases, internal services, and third-party SaaS platforms. Rather than each agent team building and maintaining their own integration layer, Gateway centralizes tool registration, versioning, and access control.
Gateway supports:
- OpenAPI and MCP tool registration with automatic schema validation
- Rate limiting and circuit breaking to protect downstream services from agent-driven traffic spikes
- Request transformation that adapts agent tool calls to the specific formats required by target APIs
- Audit logging of every tool invocation for compliance and debugging
This is particularly valuable for large organizations where dozens of agent teams need access to the same internal services. Gateway ensures consistent access patterns without duplicating integration code across teams.
Memory: Persistent Context Retention
Stateless agents forget everything between invocations. For enterprise use cases like multi-day customer support cases, ongoing project management workflows, or personalized assistant experiences, context retention is essential. The Memory service provides agents with persistent, queryable storage for conversation history, user preferences, task state, and learned patterns.
Memory offers three storage tiers:
- Session memory for short-lived conversational context within a single interaction
- Entity memory for facts about users, accounts, or projects that persist across sessions
- Episodic memory for long-term patterns and preferences learned over weeks or months of interaction
The service integrates natively with vector databases for semantic retrieval, enabling agents to recall relevant past interactions without scanning entire conversation histories.
Identity: Authentication and Authorization
Production AI agents need to act on behalf of specific users with specific permissions. The Identity service handles OAuth flows, API key management, and role-based access control for agent actions. When an agent accesses a customer's CRM data or submits an expense report on behalf of an employee, Identity ensures the agent operates with exactly the permissions that user has granted.
Critical features include:
- Delegated authentication where agents inherit the invoking user's permissions
- Scoped tool access that restricts which tools an agent can call based on the user's role
- Session token management with automatic refresh and revocation
- Integration with existing enterprise identity providers including Okta, Azure AD, and AWS IAM Identity Center
Policy: Operational Boundaries
Autonomous agents need guardrails. The Policy service defines what agents can and cannot do, providing a declarative framework for setting operational boundaries. Policies can restrict spending limits, block access to sensitive data categories, require human approval for high-impact actions, and enforce compliance rules.
Policy supports:
- Declarative rules written in a YAML-based policy language
- Real-time enforcement that evaluates policies before each agent action
- Escalation workflows that pause agent execution and route decisions to human reviewers
- Policy versioning and audit trails for regulatory compliance
How AgentCore Eliminates Custom Engineering
Before AgentCore, a typical enterprise agent deployment required teams to build and maintain authentication middleware, tool integration layers, conversation state management, scaling infrastructure, and governance frameworks independently. This easily consumed six to nine months of engineering effort before the first agent reached production.
With AgentCore, that infrastructure is available out of the box. Teams define their agent logic, register their tools in Gateway, configure policies, and deploy to Runtime. The platform handles everything else. AWS reports that early adopters reduced their time-to-production from an average of seven months to under six weeks.
Companies like Intuit, Siemens, and Salesforce participated in the preview program. Siemens deployed over 40 specialized manufacturing agents using AgentCore, managing quality inspection workflows, predictive maintenance scheduling, and supply chain coordination across 15 factories. The consistent infrastructure layer meant each new agent could be built by a two-person team in two to three weeks rather than requiring a dedicated platform squad.
Pricing and Availability
AgentCore follows AWS's consumption-based pricing model. Runtime charges per millisecond of agent execution time. Gateway charges per tool invocation. Memory charges per gigabyte of stored context. Identity and Policy are included at no additional cost. For most workloads, AWS estimates costs between 0.002 and 0.01 dollars per agent interaction, depending on complexity and tool usage.
The platform is available in all major AWS regions including US East, US West, EU West, and Asia Pacific. GovCloud availability is expected in Q3 2026.
Frequently Asked Questions
Can AgentCore be used with non-AWS AI models?
Yes. While AgentCore integrates natively with Bedrock foundation models including Anthropic Claude, Meta Llama, and Amazon Titan, the Runtime service supports any model accessible via API. Teams can route agent reasoning to self-hosted models, OpenAI endpoints, or any other inference provider while still using Gateway, Memory, Identity, and Policy for infrastructure.
How does AgentCore compare to LangChain or similar open-source frameworks?
LangChain and similar frameworks provide libraries for building agent logic in code. AgentCore operates at a different layer, providing managed infrastructure services. Many teams use LangChain or LlamaIndex for agent orchestration logic while deploying on AgentCore for runtime execution, tool management, and governance. The two are complementary rather than competitive.
What happens if an agent exceeds its policy boundaries?
When an agent action violates a Policy rule, execution is paused immediately. Depending on the policy configuration, the action may be blocked outright, routed to a human reviewer for approval, or logged as an exception for post-hoc review. The agent receives a structured denial response that it can use to explain the limitation to the end user or attempt an alternative approach.
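The pre-action check described under Policy and Identity, together with the outcomes listed in this answer (block, route to a reviewer, structured denial), can be sketched as follows. This is an added example, not AgentCore's policy language or API: the rule names, the `Action` fields and the `evaluate` and `run_tool` functions are hypothetical, and all sample values are constructed.

```python
from dataclasses import dataclass

# Hypothetical rule set; keys and values are assumptions, not AgentCore's schema.
POLICY = {
    "role_tools": {                        # scoped tool access per user role
        "employee": {"crm.read", "expense.submit"},
        "finance_admin": {"crm.read", "expense.submit", "payment.send"},
    },
    "spend_limit_usd": {"expense.submit": 500, "payment.send": 10_000},
    "require_approval": {"payment.send"},  # high-impact actions go to a human
    "blocked_data": {"pii", "phi"},        # sensitive data categories
}

@dataclass
class Action:
    user_role: str
    tool: str
    amount_usd: float = 0.0
    data_categories: frozenset = frozenset()

def evaluate(action, policy=POLICY):
    """Decide allow / deny / escalate before the tool call is made."""
    def decision(effect, rule, reason):
        return {"effect": effect, "rule": rule, "reason": reason, "tool": action.tool}

    allowed = policy["role_tools"].get(action.user_role, set())
    if action.tool not in allowed:         # unknown role or tool: deny by default
        return decision("deny", "role_tools", "tool not in scope for role")
    hit = action.data_categories & policy["blocked_data"]
    if hit:
        return decision("deny", "blocked_data", f"blocked categories: {sorted(hit)}")
    limit = policy["spend_limit_usd"].get(action.tool)
    if limit is not None and not (0 <= action.amount_usd <= limit):
        return decision("deny", "spend_limit_usd", f"amount outside 0..{limit}")
    if action.tool in policy["require_approval"]:
        return decision("escalate", "require_approval", "human review required")
    return decision("allow", None, "within policy")

def run_tool(action, tool_fn, audit_log):
    """Enforcement point: the tool runs only on an explicit allow."""
    d = evaluate(action)
    audit_log.append(d)                    # every decision is recorded
    if d["effect"] != "allow":
        return {"status": d["effect"], "denial": d}  # structured denial for the agent
    return {"status": "ok", "result": tool_fn(action)}
```

The range check on `amount_usd` is written so that negative and NaN amounts are denied rather than slipping under a simple "greater than limit" comparison.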
Is AgentCore suitable for regulated industries like healthcare and finance?
AWS designed AgentCore with regulated industries in mind. The Identity service supports HIPAA-compliant authentication flows. The Policy service enables enforcement of financial trading limits, data residency rules, and PII handling restrictions. Full audit trails across all five services satisfy SOC 2, HIPAA, and PCI DSS requirements. Several financial services firms participated in the preview program specifically to validate compliance capabilities.
Source: AWS re:Invent 2025 — Bedrock AgentCore Launch, AWS Architecture Blog — Building Enterprise Agents, Siemens AI Factory Case Study