AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-03-13 · Documentation low

File: devopsagent/latest/userguide/aws-devops-agent-security.md

Summary

Updated section references from 'AWS DevOps Agent Security' to 'Shared responsibility model' regarding prompt injection protections and custom MCP tools

Security assessment

The changes clarify documentation references to the shared responsibility model but do not introduce new security controls or address specific vulnerabilities. The content reinforces existing security guidance about prompt injection risks.

Diff

diff --git a/devopsagent/latest/userguide/aws-devops-agent-security.md b/devopsagent/latest/userguide/aws-devops-agent-security.md
index a64580b21..44ee56175 100644
--- a//devopsagent/latest/userguide/aws-devops-agent-security.md
+++ b//devopsagent/latest/userguide/aws-devops-agent-security.md
@@ -124 +124 @@ All AWS DevOps Agent API calls are automatically captured by AWS CloudTrail with
-A prompt injection attack occurs when an attacker embeds malicious instructions into external data, such as a webpage or document, that a generative AI system will later process. AWS DevOps Agent natively consumes many data sources as part of its normal operations, including logs, resource tags, and other operational data. AWS DevOps Agent protects against prompt injection attacks through the safeguards below, but it is important to ensure all connected data sources and user access to those data sources are trusted. See [AWS DevOps Agent Security](./aws-devops-agent-security.html) section for more.
+A prompt injection attack occurs when an attacker embeds malicious instructions into external data, such as a webpage or document, that a generative AI system will later process. AWS DevOps Agent natively consumes many data sources as part of its normal operations, including logs, resource tags, and other operational data. AWS DevOps Agent protects against prompt injection attacks through the safeguards below, but it is important to ensure all connected data sources and user access to those data sources are trusted. See [Shared responsibility model](./aws-devops-agent-security.html) section for more.
@@ -141 +141 @@ While AWS DevOps Agent provides multiple layers of protection against prompt inj
-  * **Custom MCP server tools** – The bring-your-own MCP feature allows you to introduce custom tools to the agent, which can present additional opportunities for prompt injection. Custom tools may not have the same security controls as native AWS DevOps Agent tools, and malicious instructions could potentially leverage these tools in unintended ways. See [AWS DevOps Agent Security](./aws-devops-agent-security.html) section for more.
+  * **Custom MCP server tools** – The bring-your-own MCP feature allows you to introduce custom tools to the agent, which can present additional opportunities for prompt injection. Custom tools may not have the same security controls as native AWS DevOps Agent tools, and malicious instructions could potentially leverage these tools in unintended ways. See [Shared responsibility model](./aws-devops-agent-security.html) section for more.