Blog
Serverless AI Agents with Amazon Bedrock AgentCore

The newly released suite from AWS just pushed serverless into GenAI.

Artificial intelligence in the enterprise is at a turning point. Agents built on LLMs have moved from proof-of-concept status to being seriously considered for integration into business operations. Yet, operationalizing these agents remains challenging due to issues surrounding secure execution, integration complexity, memory persistence, and auditability at a production scale. Today, AWS debuted Amazon Bedrock AgentCore in public preview, marking a significant step toward making agent-based automation both standardizable and manageable across enterprise environments.
Amazon Bedrock AgentCore is structured as a suite of seven managed primitives, each focused on a specific operational challenge. At its core is the Runtime, which provides strict session-level isolation using Firecracker microVMs. Each agent invocation receives a dedicated, ephemeral microVM, ensuring that memory and execution state persist only for the duration of the session. This eliminates cross-tenant leakage and supports high-assurance teardown requirements that are crucial for regulated industries and any enterprise handling sensitive workloads. Cold start latency is present, typically ranging from 300 to 800 milliseconds, but teardown is deterministic. The microVMs are wiped clean at the end of every session, and the state is preserved for up to 15 minutes only if the agent is awaiting further user input; after this time, the environment is entirely destroyed.
The memory primitive in AgentCore supports both short-term event retention and long-term, insight-driven storage. Memory can be segmented by user, business unit, or custom namespace, and organizations can configure how frequently insights are extracted and for how long context persists. File uploads for memory are currently limited to 250MB per session, as documented in the AWS preview. Both short-term and long-term memory are accessible via standard SDK calls. The code interpreter is an ephemeral Linux environment, pre-loaded with libraries such as pandas, NumPy, SciPy, and Matplotlib for Python, as well as standard stacks for R and TypeScript. It allows up to 25 concurrent sessions per account per region and supports file uploads up to 250MB. All execution is sandboxed in Firecracker microVMs, ensuring that code runs with complete isolation and is easily torn down.
Gateway simplifies tool integration by allowing teams to expose APIs, Lambda functions, and OpenAPI/Smithy endpoints to agents without bespoke adapters or wrappers. The managed browser brings headless Chromium automation to the agent runtime, enabling agents to perform web-based retrieval, automation, and scraping tasks. Each browser session runs within its own microVM, and AgentCore supports scaling up to 3,000 concurrent browser or runtime sessions per account, subject to region and service quotas. The Identity primitive is designed for enterprise SSO (e.g., Okta, Active Directory, Cognito) and supports outbound delegation (e.g., three-legged OAuth), allowing agents to securely act on behalf of users in both internal and third-party SaaS environments. Observability is built-in across all primitives: every tool invocation, approval, error, and memory access is captured as a span, with metrics and logs streamable to external observability platforms via OpenTelemetry.
Actually, AgentCore is available in us-east-1, eu-west-1, and ap-southeast-1, with further regional rollout planned.
AgentCore standardizes agent execution with these key capabilities: the Runtime delivers Firecracker-based microVM isolation for every session; Memory offers segmented, event-driven short- and long-term storage; the Code Interpreter supplies a secure, pre-loaded analytics sandbox; the Managed Browser powers scalable, isolated headless automation; Gateway enables frictionless integration of APIs and tools; Identity provides inbound SSO and outbound delegation; Observability ensures comprehensive, exportable traces and metrics across the platform.
Operationalizing research agents for competitive intelligence or regulatory monitoring typically presents several hurdles: securing browser automation, ensuring auditability, and managing the surface area of tools that interact with the open web. With AgentCore, browser sessions are strictly isolated in microVMs, with each invocation securely torn down and terminated. The agent’s memory can persist insights by project or analyst, while every action is fully traceable in the observability stack. This eliminates the need for teams to handcraft wrappers or manage custom browser sandboxes—a common pain point in traditional open-source agent frameworks.
You're halfway in — the full article lives on our blog.
Continue reading on blog.radixia.ai →Free to read. Subscribe there to get new posts by email.
