Market Overview: Key Highlights
AWS France Overview: Key figures announced at the start by Amélie Clugnet Veron, Director of AWS France.
AWS is celebrating its 20th anniversary and investing six billion euros in France: data centers, regional expansion, and training. AWS France has a thousand employees, more than three hundred partners, and an ecosystem that shapes a significant portion of France’s cloud offerings. The most revealing figures, however, concern the barriers to AI adoption, and they shed direct light on the governance challenges that run throughout this article.
The three barriers to AI transformation in France cited by AWS.
41% of French companies cite a lack of AI and digital skills as their primary obstacle. For every 100 euros spent on IT, 42 go toward compliance. An additional 32% cite regulatory uncertainty as a barrier, while 70% of those same companies report deriving tangible benefits from AI. This gap precisely outlines the shape of future demand. Organizations are no longer looking for tools; they are seeking secure, compliant methodological frameworks that allow them to scale up operations without losing control. This presents a strategic opportunity for cybersecurity professionals—provided they know how to position themselves.
Let’s focus on one figure: €42 in compliance costs for every €100 spent on IT. This ratio alone justifies any “compliance-as-code” initiative (NIS2, CRA, DORA, EU AI Act) and any approach that turns compliance into an accelerator rather than a brake. The EU AI Act and its potential penalty of 7% of global revenue are fundamentally changing the dynamics of decision-making: AI governance is no longer being pushed to “phase 2” of a program.
The Keynote: Sovereignty, Agent Productivity, and the Fifteen-Minute Mark
The two-hour keynote was built around a metaphor introduced by Amélie Clugnet Veron: that of a rocket taking off. Training, navigation, structure, and sovereignty—four pillars intended to symbolize what AWS aims to bring to France’s digital transformation. The narrative device is a bit heavy-handed, but the rest of the morning’s proceedings lend it real substance. Three strategic signals deserve the attention of CISOs.
The European Sovereign Cloud as an Infrastructure Solution
The arrival of Stéphane Israël, former president of Arianespace and now with AWS, sends a clear political signal: AWS wants to operate in sectors of national sovereignty. Ariane 6, cited as the first customer of the European Sovereign Cloud, completes the picture. The same services as the public cloud—not a downgraded offering—but operated in an independent region by European legal entities, with a guarantee of no interdependence with other global regions, and dedicated audit mechanisms.
For CISOs at regulated organizations, this proposal addresses the long-standing concern regarding legal dependence on the U.S. while maintaining access to the AWS Bedrock catalog, AgentCore, and 240 services. This is obviously not the end of the sovereignty debate (the issue of the Cloud Act remains unresolved, and safeguards depend on the actual legal structure of the local operator), but it is a technical and legal proposal sufficiently well-structured to warrant serious consideration in three- to five-year architecture roadmaps, alongside offerings from 3DS Outscale, OVHcloud, or S3NS.
The semantic shift: from “Why?” to “Why not?”
Stéphane Hadinger, Head of Technology France, made an observation worth noting. For ten years, the conversation about AI in businesses has revolved around the “why”: why this use case? why this model? why now? By 2026, he says, the question will become “why not?”—which implies that the proof of value has been established, the tools exist, and friction has been reduced to the point where the absence of automation in a business workflow becomes an anomaly that requires justification. For CISOs, this shift means that pressure to adopt AI will intensify massively on the business side, and that the role of the “gatekeeper who says no” will become increasingly difficult to maintain. The only tenable position is that of a partner who offers secure deployment frameworks—not prohibitions.
The fifteen-minute figure and its implications
The most striking statistic of the morning: on average, a senior developer spends only fifteen minutes a day writing code. The rest—specification, architecture, testing, and debugging—takes up the bulk of the time. This framework gives meaning to AWS’s entire agent-based strategy: agents do not seek to replace developers but to streamline these four time-consuming tasks. Kiro, positioned as a competitor to Claude Code and Cursor, embodies this vision.
An internal AWS case study illustrates this point. The redesign of Amazon Bedrock, which initially required thirty people over eighteen months, was completed using the agentic toolkit by a team of six in six months: sixteen times cheaper and three times faster. While this ratio calls for caution—due to scope effects, previously absorbed technical debt, and learning curves—it provides a benchmark that technical teams will cite in their business cases, and that CISOs will need to be able to discuss.
Bureau Veritas and the Rise of Structured AI Auditing
Bureau Veritas Radar: eight evaluation dimensions (explainability, fairness, governance, privacy & security, robustness, safety, transparency, controllability).
Marc Roussel, EVP at Bureau Veritas, delivered the most insightful presentation for anyone interested in the intersection of AI, compliance, and auditing. 68% of companies struggle to interpret the EU AI Act—with its 113 articles, multiple roles, and complex risk matrix. Bureau Veritas’s offering combines a pre-audit document review, predictive testing, and on-site audits. The eight-axis radar largely overlaps with ISO/IEC 42001 and Gartner’s AI TRiSM dimensions.
For cybersecurity professionals, the message is twofold. On the one hand, traditional audit methodologies—which are well-established for conventional information systems—are structurally ill-suited for auditing AI systems, as Bureau Veritas itself has acknowledged. On the other hand, the new evaluation frameworks that are emerging (Bureau Veritas, but also NIST’s AI Risk Management Framework, ISO/IEC 42001, and the AI TRiSM framework) are converging toward a set of shared dimensions. This presents an opportunity for CISOs and audit managers: those who formalize the AI assessment methodology within their organization before regulations mandate it will gain a lasting structural advantage.
AgentCore: The Six Invisible Boundaries That Industrialization Brings to Light
The session on "Advanced Best Practices for Deploying Agents with AgentCore," led by AWS Solutions Architects with industry expertise from La Centrale Group, was the most informative session of the day for security professionals. It deserves further discussion because it outlines the operational model that AWS recommends for scaling agent deployment in enterprises, and because each component of this model represents a boundary that we have previously managed implicitly.
“Identity is the architecture. The platform isn’t just a collection of tools; it’s a framework of identities and permissions that the tools plug into.” — A phrase used by La Centrale and Euronext during the Summit
The Reference Architecture: Runtime and Gateway
"Financial Analysis Assistant" use case: A Finance Agent coordinates a Prediction Agent and calls four business tools via AgentCore Runtime.
The use case presented at the beginning—a financial analysis assistant—serves as an educational model. It consists of an orchestrating Finance Agent, a specialized Prediction Agent, four business tools (calculate_profit_margin, get_exchange_rate, get_revenue_report, get_department_budget), and two types of remote services—external and internal—which are handled differently in terms of identity and networking. Three patterns emerge.
First, a clear separation between the orchestrator agent and specialized agents. An agent should not be a Swiss Army knife; it has a well-defined responsibility and knows how to delegate. This pattern replicates at the AI level what microservices have done at the application level. Next, the differentiated isolation of external calls. Internal and external services do not have the same risk profile, do not authenticate in the same way, and do not pass through the same network controls. AgentCore makes this distinction explicit, whereas ad-hoc architectures blur it. Finally, uniform exposure on the application side: regardless of internal complexity, the consumer sees a single runtime.
AgentCore Gateway: a unified entry point for MCP that routes traffic to three types of targets (MCP Servers, REST APIs, and Lambda functions).
The Gateway is the most critical component for a CISO to understand. It exposes a single /mcp endpoint that allows any MCP client agent to list, invoke, and search for tools. Behind the scenes, it routes traffic to three types of targets: existing MCP servers, REST APIs, or Lambda functions. The built-in cache prevents unnecessary downstream calls, which is critical for controlling costs and latency. But above all, the Gateway creates a governable bottleneck: all agent-to-tool traffic passes through a single, visible, filterable, and auditable point. This is the pattern that every security team should require before any large-scale agent deployment.
Agent-based security: three levels of identity to manage
Agent security operates on three levels, each of which must be explicitly managed. And this is where the central theme of this article is most clearly evident: in the ad-hoc architectures of the past, these three relationships were often conflated; typically, the agent inherited the rights of the invoking user, which is a major anti-pattern.
| Relationship | Control issue |
| --- | --- |
| Employee → Application | Traditional authentication: SSO, phishing-resistant MFA (passkeys, FIDO2). A necessary foundation, but insufficient when agents enter the loop. |
| Agent → Application | An identity specific to the agent, distinct from that of the user. The agent must not impersonate the human user who invokes it: this compromises traceability and grants excessive privileges. AgentCore Identity implements this dedicated identity. |
| Agent → Resources | Granular permissions that combine RBAC (agent role) and ABAC (call context attributes) via AgentCore Policy. Depending on the context, the same agent must receive different access decisions. |
This three-part approach requires new operational procedures. Agents must be inventoried just as users and service accounts are. Their lifecycle must be managed: creation, promotion, credential rotation, and revocation. They must be assigned to a clearly designated owner, because an agent without an owner is a ticking time bomb. All of this corresponds to practices that IAM teams are familiar with for human and machine identities; it is a matter of extending them to a third population. Organizations that do not do this now are accumulating an invisible security debt that will only become apparent at the first incident, and that incident will be difficult to investigate due to the lack of traceability of agent identities.
Observability and evaluation: the second line of defense
AgentCore Evaluations (preview): An LLM-judge analyzes the logs generated by AgentCore Observability.
AgentCore Observability provides end-to-end tracing: token costs, latency by tool, and invocation chains. The best practice that is repeatedly emphasized: build observability in from the start, rather than bolting it on later. We’ve heard it all before—observability added after the fact is always incomplete and always more expensive than native observability.
AgentCore Evaluations, still in preview, takes things a step further. An LLM-judge analyzes logs, generates results and explanations, and feeds continuous evaluation dashboards. It’s the equivalent of SonarQube for agents, promising to continuously detect behavioral deviations, quality regressions, and abnormal interactions with tools. The pattern is that of LLM-as-a-judge, applied to the evaluation of agents in production rather than to the evaluation of training datasets. There is an entire field of quality engineering yet to be built here.
What a CISO Should Know About AgentCore
AgentCore isn’t a product you buy; it’s an operational model you need to understand. Whether your organization deploys its agents on Azure, GCP, or on-premises, the six building blocks that AgentCore embodies (Runtime, Gateway, Identity, Policy, Observability, Evaluations) correspond to six architectural requirements that any industrial agent-based deployment must meet, regardless of the provider. The CISO who formalizes these six requirements in their architectural framework before business teams deploy ungoverned agents gains a decisive head start.
The Euronext Case Study: When MCP Governance Becomes an Operational Discipline
The session titled “Secure MCP Platform for Generative AI with Bedrock AgentCore Gateway,” co-hosted by Ruben Silva, a Cloud Engineer at Euronext, and AWS architects, was the most comprehensive session of the day from a security perspective. It addressed a very practical question: how can we scale from fifty custom-built MCP tools to several thousand in production without letting security debt spiral out of control?
The breaking point and why it happens sooner than we think
Euronext’s initial AI-powered customer support system, with just a few internal users, was working well. Then the harsh realities of industrial-scale deployment set in: thousands of users, multiple dependencies, heterogeneous MCP integrations, and separate agent teams each deploying their own MCP servers without coordination. The architecture was no longer viable. The authors draw an explicit parallel with the shift from monolithic systems to microservices: we’re retracing the same path, but with agents and their tools. Four problems arise simultaneously: the need for a single point of communication, the need for fine-grained and contextualized access control, the requirement for cross-functional observability, and the governance of the MCP tool lifecycle—versioning, deprecation, and rollback.
Target architecture: enterprise-grade MCP
Euronext Architecture: Developer (VS Code + GitHub Copilot, Azure Entra ID SSO) → AgentCore Gateway (SSO + AD Group Authentication, PII Guardrails, Private ALB + VPC, Tool Routing) → Integrated MCP Servers (GitLab, Atlassian, Coralogix; Figma pending).
The architecture fits on a single line, yet it incorporates an impressive number of design decisions. The developer interacts only with a single /mcp endpoint, authenticated via Azure Entra ID SSO and linked to AD groups. The Gateway performs four functions: SSO and AD group verification, PII Guardrails that filter sensitive data both in and out, routing to a private VPC via ALB, and tool routing to targets. Figma remains on hold because 3-legged OAuth support is not yet available in the prototype, an admission that demonstrates commendable technical honesty.
Private connectivity: The client VPC connects to the AgentCore Gateway data plane via AWS PrivateLink, without any internet exposure.
The network topology is ideal for a regulated financial environment: AWS PrivateLink connects the customer’s VPC to the AWS-operated gateway endpoint. No internet exposure, no NAT gateway on the sensitive side. This pattern is exactly what should be recommended for any regulated environment—banking, defense, healthcare, energy—and it proactively addresses three common concerns: Does our data travel outside our network perimeter? Who owns the audit trail? And how can we isolate this traffic from our other workloads?
Fine-grained access control: an example that changes the conversation
Fine-grained access control: A single Pricing Agent receives different access decisions depending on whether it is invoked by an external client or an internal administrator.
This diagram speaks louder than any discussion of MCP governance. The same Pricing Agent is invoked in two different contexts. On the external client side, AddPromotions is denied, while SearchPromotions remains allowed. On the internal administrator side, both operations are allowed. Same MCP tools, same agent, radically different access decisions—it all comes down to the call context and the policy. This pattern invalidates an entire generation of simplistic approaches where the agent inherits a single role assigned at startup. You must combine who is calling and in what context, and express it in a sufficiently expressive policy language.
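The Pricing Agent decision described above, combined with the agent-identity rows of the three-level table, can be sketched as a default-deny check. This is an added example, not AgentCore Policy syntax or code from the session: the role name `pricing-agent`, the `caller_type` attribute and its values, the rule ids, and the identifiers in the sample calls are assumptions; only the tool names come from the talk.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    rule_id: str
    agent_role: str   # RBAC part: role bound to the agent's own identity
    tool: str         # MCP tool the rule covers
    when: dict        # ABAC part: context attribute -> set of accepted values


@dataclass(frozen=True)
class ToolCall:
    agent_id: str     # the agent's own identity, never the invoking user's
    agent_role: str
    on_behalf_of: str  # invoking principal, recorded for traceability only
    tool: str
    context: dict = field(default_factory=dict)


# Constructed policy mirroring the Pricing Agent figure (names are assumptions).
POLICY = [
    Rule("R1", "pricing-agent", "SearchPromotions",
         {"caller_type": {"external_client", "internal_admin"}}),
    Rule("R2", "pricing-agent", "AddPromotions",
         {"caller_type": {"internal_admin"}}),
]


def decide(call, policy=POLICY):
    """Return (allowed, rule_id). No matching rule means deny."""
    for rule in policy:
        if rule.agent_role != call.agent_role or rule.tool != call.tool:
            continue
        # Every attribute the rule names must be present AND accepted;
        # a missing attribute yields None, which is never in the set.
        if all(call.context.get(attr) in accepted
               for attr, accepted in rule.when.items()):
            return True, rule.rule_id
    return False, None


def authorize(call, audit_log, policy=POLICY):
    """Decide and append an audit record that keeps agent and caller separate."""
    allowed, rule_id = decide(call, policy)
    audit_log.append({
        "agent_id": call.agent_id,
        "on_behalf_of": call.on_behalf_of,
        "tool": call.tool,
        "context": dict(call.context),
        "decision": "allow" if allowed else "deny",
        "rule_id": rule_id,
    })
    return allowed


def demo():
    """Run constructed sample calls and return the audit log."""
    log = []
    samples = [
        ("client:acme", "SearchPromotions", {"caller_type": "external_client"}),
        ("client:acme", "AddPromotions", {"caller_type": "external_client"}),
        ("user:admin1", "AddPromotions", {"caller_type": "internal_admin"}),
        ("user:admin1", "AddPromotions", {}),  # context lost upstream: deny
    ]
    for principal, tool, ctx in samples:
        call = ToolCall("agent:pricing-01", "pricing-agent", principal, tool, ctx)
        authorize(call, log)
    return log


if __name__ == "__main__":
    for record in demo():
        print(record["on_behalf_of"], record["tool"], record["decision"])
```

Because the decision is recomputed per call from the agent role and the call context, the agent never carries a single startup role, and every audit record names both the agent and the principal it acted for.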
The three key takeaways from the Euronext case study
“MCP needs governance.” Without explicit governance, MCP becomes a new, uncontrolled attack surface. It’s exactly the same as what we experienced with REST APIs ten years ago: as long as it’s done on a small scale, it works; at scale, it falls apart.
“Identity is the architecture.” User, agent, and tool identity is not an afterthought when it comes to security. It is the central architectural building block around which everything else is structured. This represents a fundamental shift in approach for IAM teams.
“Start small, start now.” The cost of retrofitting MCP governance is prohibitive. It’s better to lay the groundwork from the very first tools than to be chasing after a thousand unmanaged tools a year from now.
The Electrification of the SDLC: From GitLab DAP to the AI-DLC Methodology
The last two technical sessions should be viewed together: the GitLab-sponsored session on the Duo Agent Platform and the closing session on the AI-Driven Development Lifecycle. The first session presents a concrete implementation: a multi-agent AI platform integrated into the DevSecOps lifecycle. The second session provides the methodological framework that gives meaning to these implementations. A tool without a method leads to chaos; a method without a tool remains theoretical.
The GitLab Paradox: Faster Code ≠ Faster Delivery
The McKinsey State of AI 2026 survey indicates that the use of AI in development teams has doubled over the past two years. Yet the approach is more fragmented than ever: each developer chooses their own tool, each team its own conventions, and the delivery pipeline isn’t accelerating as much as expected. Hence the paradox: “faster code does not equal faster delivery.” The structural lesson aligns with our overarching theme: as long as the use of AI remains individual and ungoverned, productivity gains evaporate into integration, downstream debugging, and inconsistency debt. For a CISO, this paradox has a direct corollary: ungoverned development AI does not just create technical debt; it creates security debt in the generated code—code produced without review, without conventions, and without adherence to secure coding standards.
The GitLab Duo Agent Platform offers a solution: multi-agent orchestration aligned with the full DevSecOps lifecycle (plan, code, build, test, secure, deploy, operate), powered by Amazon Bedrock behind a self-hosted AI Gateway. This topology provides fine-grained control over the models used at each stage, data residency (no prompts or code are sent to uncontrolled services), compliance by design (centralized logging, audit trail), and scalability via AWS managed services. For regulated organizations, this “GitLab self-managed + Bedrock via private AI Gateway” pattern directly addresses the recurring objection: “We cannot send our code in plain text to an AI provider.” The technical solution is now standardized and reproducible.
AI-DLC: The Analogy of Electrification
The traditional SDLC: “everyone waits for everyone else.” Each “STOP” represents a bottleneck between silos.
The analogy proposed to help us envision a way out of this model is that of the electrification of factories. In pre-electrified workshops, all the machines were connected to a central drive shaft powered by a single steam engine. If the shaft failed, the entire workshop came to a halt. Electrification gave each machine its own motor, yielding gains of an order of magnitude, changing the layout of factories, and transforming the nature of work. AI in the SDLC represents the same shift: each stage can operate at its own pace, driven by a specialized agent. But—and this is the point the security sessions drove home—an ungoverned individual engine is more dangerous than a centralized drive shaft. Hence the need for a methodological framework.
AI-DLC falls somewhere between "vibe coding" (maximum autonomy) and traditional AI-assisted development (maximum control).
AI-DLC strikes a balance between two extremes. "Vibe coding"—maximum agent autonomy—is risky in production. Traditional assisted development, with total human control, offers few benefits. AI-DLC seeks a third way: AI orchestrates (planning, decomposition, architecture proposals, generation), while engineers arbitrate (validation, structural decisions, supervision). This is not a weak compromise: it is a precise division of responsibilities based on each party’s relative strengths.
AI-Driven Development Lifecycle: Inception → Construction → Operations. Each stage provides context for the next.
The AI-DLC is structured into three phases. Inception involves establishing the context (standards, existing code, dependencies, regulatory constraints), defining the scope through user stories, and planning in work units. This is where shift-left compliance comes into play: requirements from the EU AI Act, NIS2, CRA, and DORA are incorporated from the scoping phase, not discovered during the final audit. Construction handles code generation, testing, the addition of architectural components (secrets, observability, security), and IaC deployment. Operations cover production deployment and incident management, supported by a DevOps agent who performs root cause analysis, impact assessment, and remediation proposals, with humans retaining decision-making authority.
The AI-DLC methodology is applied across nine disciplines, all of which are AI-assisted, and is divided into three phases.
The Amazon Payments case study rounds out the picture: four hundred experimental projects were conducted prior to scaling up via the AI-DLC. Five operational principles emerged. Start by integrating AI into the existing workflow before transforming it. Give AI access to code, documentation, and tools—not just an isolated prompt. Use framing files to align results with intent. Manage context carefully, because it is context—not the model—that determines the quality of the output. And foster innovation responsibly, with explicit safeguards and human-in-the-loop oversight for high-stakes decisions.
What the AI-DLC Changes for a CISO
AI-DLC is not just a productivity framework; it is a governance framework for AI-assisted development. Its Inception phase, if properly equipped, becomes the natural entry point for all security and compliance requirements. CISOs should view this as a strategic opportunity: it is the point in the cycle where developers want to be given a framework, because without one, AI generates code that is inconsistent with the organization’s standards. Shift-left compliance is no longer an abstract concept—it is a concrete action that can be implemented starting with the very first user story. The other, more subtle aspect: AI-DLC forces teams to explicitly articulate what mature teams used to do through close collaboration. Naming conventions, architectural decisions, and security safeguards were communicated verbally—over coffee, during reviews. Agents lack this intuition; they only know what they’re told. AI-DLC therefore forces the creation of a documented record, which is a net gain for governance and auditing.
French Cybersecurity: Collective Resilience in the Face of a Surge in Attack Vectors
The panel discussion featuring Éric Bothorel, Member of Parliament; Laurent Verdier, Director of Awareness at Cybermalveillance.gouv.fr; and security managers from AWS France provided the most striking figures of the day. It articulated a message that directly builds on the central theme: when the threat becomes contextual and industrialized by AI, defense can no longer rely on human proximity alone. It, too, must become explicit and replicable.
The Quantitative Explosion and What It Hides
220K support requests in 2024 (including 150,000 from professionals) | 500K support requests in 2025 (including 30,000 from professionals) | $1 billion Amazon's annual cybersecurity investment | 7% Global revenue (excluding the EU AI Act)
The shift in 2024–2025 is dramatic. The number of support requests handled by Cybermalveillance.gouv.fr rose from 220,000 to 500,000—a 2.3-fold increase in just one year. The proportion of business-related requests has dropped (from 68% to 6%), not because businesses are spared, but because the threat to the general public is exploding at an unprecedented rate, and attackers have an overabundance of personal data to contextualize their scenarios. This contextualization is the tipping point: an attacker’s AI, fed with personal data, generates credible, targeted scenarios that are difficult to detect using traditional filters.
2025 Threat Landscape: Phishing Dethroned
The surprise of the year: phishing is no longer the number one threat. It has been overtaken by the hacking of online accounts belonging to small businesses, SMEs, and organizations—often due to simple or reused passwords. Next come contextualized social engineering, business email compromise (BEC), and data breaches, which make companies prime targets as they host data belonging to employees, customers, and partners.
Laurent Verdier emphasized: leaked data becomes ammunition for future attacks. The cumulative effect over time is that the more time passes, the more the stockpile of exploitable data grows, and the more precise the attacks become. Éric Bothorel adds: “The more data attackers have, the more effective AI becomes. So data consumption is also skyrocketing.” The direct consequence for architectures is that the principle of data minimization is no longer just a GDPR requirement; it is an operational security requirement. Every piece of stored data is potential ammunition.
“There is no security unless it is collective.” — Laurent Verdier, Cybermalveillance.gouv.fr
The levers mentioned converge: collaboration between private actors and the public sector (a case study of a joint AWS-Microsoft raid with the Indian government to dismantle a scam network), the AFNOR Cyber Expert certification, European legislative developments (NIS2 as a foundation, supplemented by CRA, DORA, AI Act), and above all the observation that threats are becoming hybrid: espionage, interference, and cyberattacks are converging, requiring distributed and replicable defenses. Éric Bothorel put it unequivocally: in the face of a hybrid and distributed threat, only a defense that is itself distributed and replicated can hold its ground.
What this all means for a cybersecurity professional
It’s time to bring it all back to our own field. The 2026 Summit sends five key signals, each of which calls for an operational response from CISOs, security architects, and expert consultants.
First sign: the agent identity is the new IAM scope
AgentCore Identity, the employee/agent/resource triad, the Euronext case study: everything points to the same conclusion. Agent identities constitute a third IAM population, in addition to human identities and machine identities. They require their own management tools, their own rotation policies, and their own audit mechanisms. Organizations that do not integrate this into their IAM strategy now are accumulating an invisible debt, the cost of remedying which grows exponentially with the number of agents deployed.
Second sign: MCP governance is the next API governance
The MCP (Model Context Protocol) is becoming to agents what REST is to applications. And just like REST in its day, it will first proliferate unchecked before organizations realize they need to govern it. The Euronext case study illustrates exactly the breaking point and the architectural solutions (single gateway, PII guardrails, tool routing, private VPC). Organizations that implement this governance from the very first MCP tools will spare themselves a costly retrofit; the others will go through the same learning curve as that of ungoverned APIs from 2015–2018.
Third sign: AI-DLC is the shift-left compliance framework that was missing
Forty-two euros spent on compliance for every hundred euros spent on IT. This figure reflects a structural problem: compliance comes too late in the cycle, costs too much, and creates too much friction. AI-DLC, with its Inception phase that defines the context, standards, and regulatory requirements before the first line of code is written, offers a concrete framework for solving this problem. This is no longer declarative shift-left compliance; it is operational shift-left, driven by agents that continuously verify compliance.
Fourth sign: The supply chain is expanding to include models, agents, and contexts
SBOM, SCA, signing (Sigstore), attestation (SLSA), and secure coding—all of which have been developed with great effort over the past decade—are finding a new purpose as they are extended to the world of AI. We must catalog the models used just as we catalog open-source libraries. We must trace the provenance of datasets just as we trace the provenance of code. We must sign agent chains just as we sign build artifacts, and attest to the compliance of prompts and contexts just as we attest to that of infrastructure configurations. The Bureau Veritas eight-axis radar (explainability, fairness, governance, privacy & security, robustness, safety, transparency, controllability) provides a framework for structuring this expansion.
Fifth sign: Resilience requires explicit and replicable safeguards
The cybercrime statistics (220K → 500K requests, AI-driven contextualization of attacks, hybrid threats) underscore a fundamental architectural truth: a defense system that relies on human proximity, tacit expertise, and informal processes cannot withstand the increasing scale of the threat. Defense must be explicitly documented, verifiable, auditable, and replicable—automated, versionable, and deployable consistently across the organization. This principle, which DevSecOps has upheld since its inception, has never been more relevant than in the era of agent-based threats.
From code governance to context governance
The AWS Summit Paris 2026 is not like other summits. It is the event where, after two years of promises and proof-of-concepts, the ecosystem is finally making the shift toward agent-based industrialization. As we wrap up this analysis, three key insights are becoming clearer, and a broader path forward is taking shape.
Three beliefs
Governance has once again become the overarching theme. After the rush to develop POCs, mature organizations are investing in what I call the “control infrastructure”: identity, policy, observability, and assessment. This is precisely the domain of DevSecOps practitioners—provided they take a step back from code governance to focus on the governance of the agent chain. Application supply chain skills transfer naturally; the reverse is not true.
AI-DLC is not just a buzzword. It is a coherent methodology that integrates regulatory compliance into its Inception phase and redefines the scope of consulting services. The first firm to formalize it into an operational framework within the French ecosystem will gain a lasting competitive edge.
The difference lies in the ability to provide reassurance, not in the tools. Forty-two euros spent on compliance for every hundred euros spent on IT. Seven percent of global revenue in AI Act fines. Five hundred thousand cybercrime support requests in 2025. It is organizations that bear the stress, and it is this stress that must be absorbed, structured, and transformed into a controlled path forward. We don’t sell technology. We sell peace of mind in the face of complexity that is growing faster than teams can handle.
The next battle will be about context
While this Summit marks the shift toward agent-based industrialization, it also offers a glimpse of the battle ahead. A statement, first mentioned in passing by the Amazon Payments team and later echoed by La Centrale, is worth pondering: “Prompt engineering is no longer enough; we must move toward context engineering.” Beneath its modest appearance, it heralds a strategic shift on a scale comparable to the one we are currently experiencing.
The era of prompt engineering from 2023 to 2025 was one in which people sought the magic formula: the perfect prompt that would unlock the model’s capabilities. It was the work of a refined tinkerer. The era now unfolding is different: what matters now is the architecture of the context in which the agent operates. What tools does it have? With what permissions? On what data? With what memory? What documentation? What standards? What examples? In what chain of agents does it fit? These are all questions that are no longer addressed at the prompt level, but at the level of the platform, governance, and application architecture.
This shift has a profound impact on our profession. The cybersecurity professional of 2028–2030 will no longer simply manage the software production chain. They will manage the production of contexts: the code repositories visible to agents, the available MCP tools, the scoping documents, the shared memories, and the evaluation rules. The emerging discipline that is beginning to be called context engineering will bring all of this together. It will draw from information architecture, knowledge management, data security, IAM, observability, and document governance. It is a composite discipline that does not yet have a definitive name and does not yet have recognized practitioners.
Three practical questions can help you address this right away. Who controls the context in your organization? If the answer is “no one” or “everyone does their own thing,” there is a massive risk of agents going off track, inconsistent decisions, and leaks of sensitive data inadvertently introduced as context due to negligence. How do you version the context? If it drives agents’ decisions, it has the same requirements as source code: versioned, reviewed, tested, and deployed in a controlled manner. How do you assess the quality of a context? A poor context produces poor agents, no matter how sophisticated the underlying model may be.
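One way to turn these three questions into a CI gate, as an added example that is not from the article or from AWS. The manifest schema (`owner`, `reviewed_by`, `documents`, `sha256`, `tools`, `permissions`) and the finding names are assumptions made for illustration.

```python
import hashlib
import re

# Illustrative patterns; a real gate would use the organisation's DLP rules.
SENSITIVE = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def check_context(manifest, documents):
    """Return sorted findings for a hypothetical agent context manifest."""
    findings = []
    # Who controls the context? An owner plus at least one other reviewer.
    owner = manifest.get("owner")
    if not owner:
        findings.append("no-owner")
    if not set(manifest.get("reviewed_by", [])) - {owner}:
        findings.append("no-independent-review")
    # Is it versioned? Shipped text must match the digest pinned at review time.
    for doc in manifest.get("documents", []):
        name, text = doc["name"], documents.get(doc["name"], "")
        if sha256(text) != doc.get("sha256"):
            findings.append(f"drifted-from-pin:{name}")
        # Is it fit to ship? Secret-like strings must not enter the context.
        findings += [f"sensitive:{label}:{name}"
                     for label, rx in SENSITIVE.items() if rx.search(text)]
    # Tools the agent may call need explicit, non-wildcard permissions.
    for tool in manifest.get("tools", []):
        perms = tool.get("permissions", [])
        if not perms or any("*" in p for p in perms):
            findings.append(f"over-broad-tool:{tool['name']}")
    return sorted(findings)

# Constructed sample input (not from the article); the key is AWS's documentation placeholder.
DOCS = {"standards.md": "Use parameterised queries. Log to stdout.",
        "runbook.md": "Deploy key: AKIAIOSFODNN7EXAMPLE"}
MANIFEST = {
    "owner": "platform-security", "reviewed_by": ["platform-security"],  # self-review only
    "documents": [{"name": "standards.md", "sha256": sha256(DOCS["standards.md"])},
                  {"name": "runbook.md", "sha256": "0" * 64}],  # stale pin
    "tools": [{"name": "repo-read", "permissions": ["git:read"]},
              {"name": "deploy", "permissions": ["*"]}],
}

if __name__ == "__main__":
    print("\n".join(check_context(MANIFEST, DOCS)))
```

Run against the constructed manifest, the gate reports the self-review, the drifted runbook, the secret-like string inside it, and the wildcard deploy permission; an empty result is the condition for promoting a context change.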
I’ll conclude this article with a firm belief. Our field has never been more exciting. We are not mere observers of the agent-driven revolution—we are its architects. What we build in the coming months will shape how organizations deploy artificial intelligence for the next decade. It is a responsibility, it is an opportunity, and above all, it is a rare moment when our discipline finds itself right at the center of the equation.
Appendix: Glossary of Key Terms and Concepts
Concept | Description |
Amazon Bedrock AgentCore | Managed runtime for AI agents: six components (Runtime, Gateway, Identity, Policy, Observability, Evaluations). A cornerstone of AWS’s 2026 agent-based strategy. |
AgentCore Gateway | Unified entry point / MCP that transforms APIs, Lambdas, and MCP servers into governable resources. Caching, PII guardrails, tool routing. |
AgentCore Identity | Agent-specific identity (distinct from the user), three-level authentication management. |
AgentCore Policy | Granular RBAC and ABAC permissions by tool, operation, and context. |
AgentCore Observability | End-to-end traceability: tokens, latency, call chains. |
AgentCore Evaluations | LLM-as-a-judge integrated with Observability for continuous agent evaluation. |
MCP (Model Context Protocol) | Standardized communication protocol between AI agents and tools/services. |
AI-DLC | AI-Driven Development Lifecycle: three phases (Inception, Construction, Operations), nine AI-assisted disciplines. |
Context Engineering | Emerging field of post-prompt engineering. Architecture of the context provided to agents: tools, permissions, data, memory, standards. |
Kiro | AWS Agentic IDE, a competitor to Claude Code and Cursor. |
AWS Transform | Code and architecture migration specialist (Air Canada case study: time reduced by 50%). |
Lambda Durable Functions | Pattern: execute/checkpoint/suspend/resume/replay. End of the 15-minute Lambda limit. |
AWS European Sovereign Cloud | Independent region, European legal entities, Brandenburg. First client: Ariane 6. |
Bureau Veritas: AI Radar | AI assessment across 8 key areas: explainability, fairness, governance, privacy & security, robustness, safety, transparency, and controllability. |
EU AI Act | European AI Regulation: 113 articles, penalties of up to 7% of global revenue. |


