Enterprise AI adoption has a workforce problem that is not getting enough attention in security planning conversations. Organizations are deploying generative AI applications and agentic workflows at a pace that consistently outstrips the security knowledge of the developers building them. The result is a growing inventory of AI-powered applications carrying vulnerabilities that their own authors did not know to look for, shipped into production environments where the blast radius of a security failure is considerably larger than in traditional software contexts.
Secure Code Warrior’s strategic collaboration agreement with AWS, anchored by new hands-on training modules for Amazon Bedrock, is a direct response to that dynamic. It is also a signal that the developer security training category is being fundamentally repositioned around AI governance rather than general secure coding hygiene.
As enterprises strengthen AI governance for application development, many still overlook the contractual obligations, vendor commitments, and compliance exposures shaping AI deployment decisions. Agiloft CLM + AI turns static agreements into actionable intelligence so legal, procurement, and compliance teams can govern AI adoption with greater confidence.
What the Agreement Actually Delivers
The practical output of this collaboration is a set of immersive, hands-on training modules now available within the Secure Code Warrior platform, built specifically around securing Amazon Bedrock infrastructure using Terraform. The content portfolio includes four Coding Labs, four AI Challenges, and one Walkthrough Mission, structured to give developers direct, controlled exposure to AI-specific vulnerability classes in interactive environments.
The vulnerability categories targeted are telling. Prompt injection, excessive agency, insufficient logging, and information exposure represent the threat surface that is specific to large language model applications and agentic AI deployments. These are not generic web application security concerns repackaged for AI context. They are genuinely distinct risk categories that require distinct developer knowledge to address effectively.
Why Bedrock-Specific Training Matters for Enterprise Security Teams
Amazon Bedrock has emerged as one of the primary platforms enterprises are using to build generative AI applications at production scale. Its position as managed infrastructure for foundation model access means a significant volume of enterprise AI workloads are being built on top of it, often by developer teams whose security training was designed for conventional application architectures.
Bedrock-specific training closes a gap that platform-agnostic security education cannot fully address. The infrastructure-as-code patterns used to configure Bedrock environments, the permission models governing model access, and the logging requirements for auditability all carry Bedrock-specific risk profiles. Training that simulates real-world remediation within that specific environment gives developers applicable knowledge rather than theoretical frameworks they have to translate themselves.
The Prompt Injection Problem Is Bigger Than Most Security Teams Have Priced In
Of the vulnerability classes covered in the new modules, prompt injection deserves particular attention from enterprise security leadership.
Prompt injection attacks exploit the fundamental trust relationship between an LLM and its input. When a developer builds an AI application that passes user-supplied content to a language model without adequate input handling, an attacker can craft inputs that override the model’s intended behavior, extract sensitive data, or manipulate downstream actions taken by agentic systems. In applications where AI agents are authorized to take real-world actions, such as executing API calls, querying databases, or generating communications, a successful prompt injection attack can have consequences that extend well beyond the application itself.
The challenge is that prompt injection does not map cleanly to vulnerability classes that most developers have been trained to recognize. SQL injection, cross-site scripting, and buffer overflows have decades of educational material, tooling, and organizational muscle memory behind them. Prompt injection is newer, less intuitive, and requires a different mental model of how software can be exploited.
Training that simulates prompt injection in a controlled environment, as Secure Code Warrior‘s AI Challenges are designed to do, is one of the few mechanisms that builds genuine developer intuition around this vulnerability class rather than theoretical awareness of its existence.
Too Much Agency and the Governance Problem Right in Front of Us
The incorporation of too much agency in training sessions is an important issue that needs to be discussed for security professionals who do not yet realize its potential threat.
Excessive agency refers to AI agents being granted more permissions, access, or autonomy than their intended function requires. It is, in identity security terms, a least-privilege failure applied to AI systems rather than human users. An agent that can read only the data it needs for its task and take only the actions its function requires is considerably less dangerous when compromised or manipulated than one operating with broad, poorly scoped permissions.
The problem is that developers building AI applications frequently do not think about agent permission scoping with the same rigor they apply to human user access controls. The result is a generation of AI applications shipping into production with agents that carry excessive access grants, creating attack surface that compounds as agentic deployments scale.
Training developers to recognize and remediate excessive agency during the build phase is materially more efficient than attempting to retrofit permission controls after deployment. It is also considerably cheaper than managing the incident response consequences of an agent operating outside its intended scope.
OpenText’s Endorsement Carries Procurement Weight
The validation from OpenText, specifically from Dylan Thomas as Senior Director of Engineering, is worth more than a standard customer quote in this context.
OpenText is a large, complex enterprise software organization with its own AI deployment programs across multiple platforms. An endorsement from a Senior Director of Engineering at that scale, citing specific vulnerability classes like prompt injection and data leakage and connecting training directly to production readiness, provides the kind of practitioner-level credibility that influences procurement decisions in peer organizations.
For enterprise security buyers evaluating developer security training investments, that endorsement answers a specific question: does this training produce measurable changes in how developers build AI applications in real production environments. The OpenText reference suggests the answer is affirmative, at least at one significant enterprise scale.
Budget and Procurement Signals for Security Leaders
The AWS strategic collaboration agreement carries procurement implications that extend beyond the training content itself.
For organizations already running AI workloads on Amazon Bedrock, the existence of AWS-aligned training content creates a natural integration point between infrastructure investment and developer security enablement. Security leaders who have approved Bedrock deployments but have not yet addressed the developer education component of their AI governance program now have a vendor-endorsed training path that maps directly to their infrastructure choices.
From a budget conversation perspective, this framing is useful. Developer security training positioned as AI governance and platform risk mitigation sits more comfortably in security budget discussions than general upskilling initiatives. The connection to specific vulnerability classes with documented remediation outcomes, combined with AWS alignment, gives CISOs and CIOs tangible justification language for investment approval conversations.
Organizations in regulated industries, particularly financial services, healthcare, and critical infrastructure, where AI governance obligations are tightening under frameworks including the EU AI Act, have an additional compliance urgency layer that strengthens the procurement case further.
A Larger Industry Shift Taking Shape
The Secure Code Warrior and AWS collaboration is part of a broader reorientation happening across the developer security training market. The category spent years arguing for shift-left security as a general principle. That argument is now largely won in enterprise organizations, at least at the policy level.
The next argument, which this collaboration is helping to frame, is that shift-left security must be specifically rebuilt for AI development contexts. The vulnerability classes are different. The attack surfaces are different. The mental models developers need are different. General secure coding training does not transfer automatically to AI application security.
Vendors that position early around AI-specific developer security education, with platform-aligned content and enterprise-grade hands-on delivery, are establishing curriculum authority in a market that will grow significantly as enterprise AI deployment volumes continue to increase.
For enterprise security leaders, the operational implication is straightforward. Developer security education programs that do not yet include AI-specific curriculum are already behind the risk curve their organizations are carrying. The question is no longer whether to invest in AI developer security training. It is how quickly that investment can be deployed against an active and expanding threat surface.
