CertNova

aws-updates | Mar 20, 2026

Amazon Bedrock AgentCore Adds GA Policy Controls and Production Runtime Features

AWS has moved key AgentCore features to general availability, giving teams centralized policy enforcement and hardened runtime capabilities for running agentic AI in production.

AWS has pushed Amazon Bedrock AgentCore further into production-ready territory, announcing general availability for both its managed agent runtime and its policy controls. AgentCore — AWS's platform for building, running, and operating agentic AI — reached GA as a production runtime on October 13, 2025. On March 3, 2026, AWS promoted AgentCore's Policy capability to GA, providing a formal governance pathway for deployed agents.

What changed

The initial GA release delivered enterprise-focused runtime features designed to make agent deployments safer and easier to operate inside corporate networks. Key capabilities include serverless agent execution with session isolation and extended multi-hour runtimes, support for VPC and AWS PrivateLink, CloudFormation resources and tagging for infrastructure automation, and integrations with Model Context Protocol (MCP) servers as well as IAM and OAuth for secure tool access. Together, these features aim to let teams run richer, longer-lived agents while fitting into existing security and observability stacks.

Policy controls move governance out of agent code

The Policy capability, now generally available, separates governance from agent logic by running as a centralized engine attached to the AgentCore Gateway. Teams can author policies in plain language; AWS converts those rules into Cedar, its open-source policy language. The AgentCore Gateway intercepts each agent-to-tool request and evaluates it in real time, enabling fine-grained, auditable controls over what tools, data, or actions an agent may use.

Policy runs outside the agent itself, which gives security and compliance teams a single place to define and enforce constraints across many agents. AWS says the feature is available in multiple regions, supporting broader production rollouts.
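The enforcement pattern described above, as an added Python sketch that is not AWS code and does not use the AgentCore API: a gateway authorizes every agent-to-tool call against a central policy set using Cedar's evaluation rule (deny by default, and any matching forbid overrides every permit), then records the decision. The agent names, tool names, policy ids and the 500 refund cap are hypothetical values constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ToolRequest:
    agent: str   # principal
    tool: str    # action
    args: dict   # context

@dataclass(frozen=True)
class Policy:
    pid: str
    effect: str                            # "permit" or "forbid"
    matches: Callable[[ToolRequest], bool]

def refund_unbounded(r: ToolRequest) -> bool:
    # Fail closed: a missing, non-numeric or non-positive amount counts as over the cap.
    amt = r.args.get("amount")
    return r.tool == "issue_refund" and not (isinstance(amt, (int, float)) and 0 < amt <= 500)

# Constructed policy set (hypothetical agents and tools).
POLICIES = [
    Policy("permit-refund-agent", "permit",
           lambda r: r.agent == "refund-agent" and r.tool == "issue_refund"),
    Policy("forbid-large-refund", "forbid", refund_unbounded),
    Policy("permit-order-lookup", "permit", lambda r: r.tool == "lookup_order"),
]

def authorize(req, policies=POLICIES):
    """Return (decision, ids of the policies that determined it)."""
    hits = [p for p in policies if p.matches(req)]
    forbids = [p.pid for p in hits if p.effect == "forbid"]
    permits = [p.pid for p in hits if p.effect == "permit"]
    if forbids:
        return "Deny", forbids          # any forbid overrides every permit
    if permits:
        return "Allow", permits
    return "Deny", []                   # nothing matched: default deny

class Gateway:
    """Sits between agents and tools; the agent code never sees the policies."""
    def __init__(self, tools, policies=POLICIES):
        self.tools, self.policies, self.audit = tools, policies, []

    def invoke(self, req):
        decision, reasons = authorize(req, self.policies)
        # Record every decision, allowed or not, before touching the tool.
        self.audit.append({"agent": req.agent, "tool": req.tool,
                           "decision": decision, "policies": reasons})
        if decision != "Allow":
            raise PermissionError(f"{req.agent} -> {req.tool} denied by {reasons or 'default deny'}")
        return self.tools[req.tool](**req.args)
```

Because the audit entry is written before the tool runs, denied calls leave the same trail as allowed ones, which is what makes the control plane reviewable from one place.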

Additions that ease the path to production

AWS has also added features intended to reduce the custom plumbing that often slows agent projects moving from prototype to production. In February 2026, Bedrock added server-side tool execution through the AgentCore Gateway and Bedrock Responses API. This lets tools run on the customer side while using IAM-based access control, rather than requiring fragile, bespoke integrations.

AgentCore Runtime gained stateful MCP server features as well, including elicitation, sampling, and progress notifications. Those additions are aimed at supporting long-running, stateful agent workflows where maintaining context and reporting progress are important.

Why this matters

By combining a hardened, enterprise-ready runtime with centralized policy enforcement, AgentCore is positioning itself as a production-oriented stack for agentic applications. For security and compliance teams, policies that operate outside agent code mean a single, auditable control plane for enforcing restrictions. For developers and platform engineers, the runtime features—serverless execution, network isolation, identity integrations, and MCP support—help agents run longer and behave predictably inside existing enterprise environments.

Taken together, these moves reduce the need for fragile, custom infrastructure when scaling agent projects and make it easier to align agent behavior with corporate security and compliance requirements.

Availability

AgentCore's production runtime reached GA on October 13, 2025. Policy became generally available on March 3, 2026, and AWS has rolled the capability out to multiple regions. Server-side tool execution and stateful MCP features were added earlier in 2026 to further support production deployments.
