What is AWS AgentCore and how are businesses using it?

Amazon Bedrock AgentCore is the AWS platform for running AI agents in production. It launched in general availability in October 2025. If your team is evaluating whether to build an AI agent on AWS, AgentCore is the infrastructure layer most production builds run on today.

AgentCore does not replace the AI model. It handles everything around the model: where the agent runs, how it connects to your tools, how it remembers context across conversations, and how you enforce rules about what it is allowed to do.

What AWS AgentCore actually does

AgentCore is modular. You pay for the pieces you use. Here is what the core services do in plain terms.

Runtime is where your agent executes. Each session runs in an isolated environment with up to 8 hours of execution time. Your data does not share compute with another company's session. The agent can pause mid-task and resume exactly where it left off.

Memory gives the agent context across conversations. Session memory handles the current exchange. Long-term memory persists information about a user or account over time. Episodic memory, added in December 2025, lets the agent learn from prior interactions.

Gateway connects your agent to the tools it needs. It converts existing APIs, Lambda functions, and MCP servers into agent-ready tools. Salesforce, Slack, Jira, Asana, and Zendesk each connect with a single step. Gateway handles authentication for every connection so your team does not wire up credentials per tool.

Policy controls what the agent is allowed to do. You write rules in plain language. "Block all refunds over $1,000 without human approval" is a valid policy. The system converts that rule to enforceable code and checks every tool call against it in milliseconds.

Evaluations monitors whether your agent continues to perform correctly after go-live. AWS provides 13 pre-built evaluators covering correctness, helpfulness, safety, and tool selection accuracy.

AgentCore works with any AI model: Claude, Nova, GPT, Llama, Gemini, Mistral. It also works with any agent framework, including LangGraph, CrewAI, LlamaIndex, and AWS's own Strands Agents.

AgentCore is one approach, not the only one

Before AgentCore existed, Tech 42 built production agents on ECS containers using LangChain and FastAPI. That architecture still works and can be a good choice depending on the project. Here's how that approach works:

The agent runs on a fixed-rate container, always on, paying for compute whether the agent was handling requests or sitting idle. Every operational layer is built from scratch: session isolation, memory management, tool authentication, observability, scaling logic. It's more setup, more ongoing maintenance, and a predictable monthly bill, though inference is still billed separately as with AgentCore.

AgentCore replaces most of that infrastructure work. It is managed and serverless. You pay for active consumption, not reserved capacity. That model works well for low and moderate usage. For high-volume production workloads, the math shifts. Managed services carry a premium per unit of compute, and at sufficient scale a self-managed ECS deployment may be cheaper. The crossover point depends on your session volume, session length, and how many AgentCore services you are using.

There is also a fair caveat on maturity. AgentCore launched in general availability in October 2025 and has moved fast since. Several capabilities are still in preview as of mid-2026: the managed harness, payments, and bidirectional streaming. The platform is capable and production-ready for most use cases. It is also still being built. Teams with very specific infrastructure requirements or unusually high throughput needs should evaluate whether the tradeoff holds for their situation before committing.

Not sure whether your use case calls for a full agent, a simpler workflow, or a custom build? The "what is an AI agent" breakdown on the Tech 42 blog walks through the four questions worth asking before you decide.

What AgentCore costs, and why it gets complicated

AgentCore uses consumption-based pricing with no upfront commitment. As of publishing, runtime charges $0.0895 per vCPU-hour and $0.00945 per GB-hour on active resource use. CPU charges stop when the agent is waiting on a model response or API call. AWS reports agents spend 30 to 70 percent of session time in that wait state, which is the main cost advantage over pre-allocated compute.

The harder problem is that AgentCore bills each service independently. A simple agent has a more predictable cost. One that adds persistent per-user memory, multi-agent orchestration, high tool call frequency, or RAG retrieval has compounding cost paths that depend heavily on design choices. You need to model the architecture, not just the runtime.

Model inference is billed separately through Amazon Bedrock and is typically the largest line item. At typical session lengths it represents 50 to 70 percent of total spend, depending on the model chosen. Your model choice matters more than any other single variable. Switching from a premium model to a mid-tier model can cut the inference cost dramatically.

As a real reference point: Tech 42's Audible Deals Agent, a personal infrequent-use build on AgentCore Runtime with Claude Haiku 4.5, PostgreSQL storage, and browser integration, runs between $22 and $130 per month depending on usage volume. That is a simple agent at low scale. A customer-facing production agent serving thousands of users will cost more, and the model choice will drive most of that difference.

The AgentCore cost calculator includes model inference as a line item alongside infrastructure costs and lets you compare models directly. Most cost tools stop at infrastructure. Skipping inference gives you the wrong number for a business case.

What governance and security look like

Security in AgentCore operates at the infrastructure layer, not the application layer. The Policy service intercepts every tool call before the action executes. This matters because even a carefully prompted agent can be manipulated through its inputs. Policy enforcement does not depend on the model behaving correctly.

Each session runs in an isolated microVM. AgentCore also supports VPC deployment, AWS PrivateLink, and AWS CloudFormation for teams with stricter network requirements.

One known issue is worth understanding before you build. In late 2025, Palo Alto Networks disclosed a vulnerability in AgentCore's sandbox environment that could have exposed credentials via a server-side request forgery attack. AWS patched it by February 2026, setting a more secure metadata service as the default for all new agents. Confirm your configurations are current before you go to production.

Observability routes through Amazon CloudWatch and integrates with Datadog, Dynatrace, LangSmith, and Langfuse.

Getting to production

The managed harness, launched in April 2026, lets a developer define an agent with a model, a system prompt, and a list of tools. No orchestration code is required. There is no additional charge for the harness.

AWS funding programs may cover part of your build costs. The AWS Migration Acceleration Program expanded in 2025 to cover AI and agentic builds, not only infrastructure migrations. Eligibility and amounts depend on your AWS account situation.

Tech 42's AgentCore Accelerate Program is a two-week sprint to a production POC, structured to qualify for AWS funding. Many clients run it at no cost. If you want to explore the architecture first, the free AI Agent Starter Pack on AWS Marketplace deploys a production-ready AgentCore agent in minutes.

‍