AWS re:Invent 2025 - Secure AI Agents Delivering Efficiency in Regulated Industries (WPS317)

Secure AI Agents Delivering Efficiency in Regulated Industries

Navigating Regulatory Landscapes for AI Adoption

• Highly regulated environments, such as finance, government, and healthcare, face dense laws, standards, and patterns that must be adhered to when deploying AI workloads.
• Key regulatory pillars include compliance and governance, legal and privacy, controls, and risk management.
• Regulations vary by country and industry, but common frameworks like NIST, OWASP, and the AWS Well-Architected Framework can help guide AI deployments.
• Regulators should not stop AI adoption, but rather drive it - AI can be used to understand and accelerate compliance with regulations.

Running AI Workloads on Amazon EKS

• The core of the architecture is an Amazon EKS cluster, which allows for flexible and scalable deployment of GPU-powered AI workloads.
• Open-source tools like Karpenter and KEDA are used to dynamically scale the cluster based on demand and optimize costs.
• The open-source ecosystem around Kubernetes provides a rich set of tools and solutions for deploying and managing generative AI workloads.
• Customers like Sicoob, a large Brazilian financial cooperative, have successfully adopted this approach to run multiple LLM models for various business use cases.

Secure AI Agents with Amazon Bedrock

• Amazon Bedrock is a service that provides building blocks for developers to create generative AI solutions, including managed models, security, and prompt engineering capabilities.
• Bedrock is designed with compliance in mind, achieving certifications like ISO 42001 for generative AI workloads.
• Customer data is isolated and not used to improve Bedrock models, addressing privacy concerns.
• Bedrock Agent Core allows for the deployment of autonomous AI agents that can be tailored to specific regulatory and business requirements.
• Agents can be built using open-source tools like Anthropic's Strand, which simplifies the process of creating, hosting, and scaling AI agents on AWS.

Lessons Learned and Best Practices

• AWS democratizes the use of generative AI, allowing organizations to leverage AI without extensive AI expertise.
• Expect non-deterministic behavior from AI agents and mitigate risks through careful prompt engineering, guard rails, and evaluation of knowledge bases.
• Focus agents on specific tasks and ensure clear tool specifications to improve performance.
• Invest in realistic evaluation of agent performance, especially when knowledge bases or models change.
• Provide end-users with easy feedback mechanisms to continuously improve the AI agents.

Business Impact and Use Cases

• Sicoob, a large Brazilian financial cooperative, has used generative AI to:
  • Develop an internal intelligent development assistant to automate coding tasks and accelerate developer onboarding.
  • Automate complex manual tasks with AI-powered digital robots, saving over 400,000 human hours.
  • Create an investment advisor that provides personalized recommendations to customers.
• Holland Casino, a regulated gaming operator in the Netherlands, is using AI agents to provide self-service insights to management on cost, security, and operations, without the need for manual reporting.

Key Takeaways

• Regulated industries can leverage AWS services like Amazon EKS and Amazon Bedrock to deploy secure, scalable, and compliant generative AI solutions.
• Open-source tools and the Kubernetes ecosystem provide a rich set of options for managing and optimizing AI workloads.
• Careful prompt engineering, guard rails, and performance evaluation are crucial for ensuring AI agents behave as intended and meet regulatory requirements.
• Generative AI can be used to accelerate compliance and drive efficiency in highly regulated environments, as demonstrated by the real-world use cases of Sicoob and Holland Casino.