AWS Open Source Blog

IT support teams face a persistent challenge: employees expect instant answers to common questions (VPN setup, single sign-on troubleshooting, new-hire onboarding), but novel or complex issues still require human expertise. An AI agent that confidently answers, “How do I reset my VPN?” but hallucinates a response to “My IAM Identity Center session keeps expiring after […]

MySQL — the open source database behind millions of applications worldwide — is opening a new chapter. Today, Oracle announced a community governance model for MySQL that creates pathways for the broader community to participate in the project’s development and direction. This post explains why AWS supports this move and what it means for the […]

Enterprises that onboard AI assets (MCP servers, agents, skills, and multi-step workflows) need to govern these assets and make them discoverable without blocking innovation. Central IT maintains a list of approved MCP servers and skills for the organization. Each line of business also publishes its own assets to its team, and often to the wider […]

Today, we’re announcing Trusted Remote Execution (Rex, for short) — an open source scripting runtime where every system operation is authorized by policy. Scripts are written in Rhai, a lightweight language with no built-in system access. The only way to reach the host is through operations Rex explicitly provides, which are authorized against a Cedar […]

As organizations scale applications, managing authorization becomes increasingly complex. What starts as role-based permissions quickly evolves into intricate rules spanning multiple services, regions, and compliance requirements. Traditional approaches of embedding authorization logic in application code lead to fragmented policies scattered across codebases, making them difficult to maintain, audit, and scale. These challenges have become more […]

Introduction Organizations in automotive, manufacturing, and embedded systems increasingly rely on cloud-based development environments to reduce hardware dependency and accelerate software delivery. As vehicle architectures shift toward software-defined platforms, engineering teams need access to specialized toolchains, virtual hardware models, and simulation environments that are consistent across sites and reproducible across projects. Provisioning these environments manually […]

The security industry stands at an inflection point. In November 2024, the Open Cybersecurity Schema Framework (OCSF) joined the Linux Foundation, cementing its role as a vendor-neutral, open source standard for the global security community. Last summer at Black Hat 2025, we showed you how OCSF was powering AI-driven security operations. Then in December 2025, […]

AWS, Anthropic, Google, Microsoft, and OpenAI today announced a joint $12.5 million investment with the Linux Foundation to help open source projects address a surge in AI-enhanced and AI-generated security vulnerability reports. Both the Alpha Omega initiative and the Open Source Security Foundation (OpenSSF) will receive funding through the Linux Foundation grants. Software security is at […]

We’re introducing Strands Labs, a new Strands GitHub organization designed to give developers the ability to get hands-on with experimental, state-of-the-art approaches to agentic AI development. The Strands Agents SDK – available for both Python and TypeScript – has gained incredible traction in the developer community since we released it as open source in May […]

Cedar, an open source authorization policy language and SDK, has joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project. CNCF provides a neutral home for early stage and developing open source projects. Cedar fulfills the need for a fast, safe, and analyzable authorization policy language in cloud-native environments by allowing developers to define, […]