AWS Security Hub can now discover and assess Microsoft Azure virtual machines, container images, Function Apps, and identities, the company announced July 14. The expansion means security operations centers that already depend on Security Hub for AWS risk management can now triage Azure posture and vulnerability findings in the same queue—without first routing every signal through a separate platform.

The update arrives alongside three AI-focused capabilities: general availability of GuardDuty AI Protection for Amazon Bedrock and SageMaker, a preview of AI-powered investigations in GuardDuty, and a new Security Hub AI inventory that catalogs models, agents, and endpoints across an AWS organization.

Azure Resources Enter the AWS Risk Queue

Security Hub’s Azure assessment checks for software vulnerabilities, internet exposure, and misconfigurations aligned with the CIS Microsoft Azure Foundations Benchmark. When it finds an unprotected storage account or an Azure VM with a critical CVE, it generates a finding using the same severity format, automation rules, and response playbooks that Security Hub already applies to AWS resources.

For analysts, that consistency is the headline. “Your team works from one understanding of risk across your entire estate,” AWS wrote in its Security Blog. A single pane of glass is an overused phrase, but here it has a concrete meaning: an analyst investigating an alert about an exposed Azure Function App can pivot to related AWS findings without switching tools or mentally translating severity scores.

Azure resources are priced at the same rates as equivalent AWS resources, with no multicloud surcharge. AWS is also offering an independent 30-day free trial specifically for Azure coverage, separate from any other Security Hub trial. That makes it easy to test without committing budget.

The initial resource list—VMs, Function Apps, container images, and identities—covers several high-value attack surfaces but is not exhaustive. AWS says support for additional clouds will follow, though no public timetable has been shared. For now, Azure services like SQL databases, Kubernetes clusters, or networking components remain outside Security Hub’s native reach. Teams that need full Azure workload coverage will still rely on Microsoft Defender for Cloud or third-party alternatives.

AI Workloads Get Purpose-Built Detection

Alongside the multicloud push, AWS added threat detection specifically for Amazon Bedrock and SageMaker. GuardDuty AI Protection, now generally available, analyzes CloudTrail data events to establish a baseline of normal model invocation and flag deviations that suggest compromised credentials or abuse.

One threat pattern AWS is emphasizing: cost harvesting. An attacker with stolen credentials can invoke foundation models to run expensive inference, racking up cloud bills without deploying any infrastructure. GuardDuty AI Protection detects these anomalous invocations and can also identify prompt-injection attempts through integration with Bedrock Guardrails. The service is included in GuardDuty with a 30-day free trial.

For administrators, spotting a sudden spike in AI spending should now trigger an incident review, not just a finance query. “They found a security incident through an accounting review,” AWS recounted of one customer. GuardDuty aims to shift that detection earlier.

The companion feature, GuardDuty AI-powered investigations (currently in preview), automatically examines findings and related account activity from the past 90 days. It produces a disposition assessment with a confidence score, MITRE ATT&CK classification, evidence summary, and recommended action—such as suppressing an alert, containing a resource, or starting remediation. AWS says the system can reduce hours of manual triage to minutes, though security leaders should treat the AI’s conclusions as an investigative aid rather than a final verdict. Testing the preview against analyst decisions will be essential before automating any destructive containment.

An Organization-Wide AI Asset Map

A basic but widespread problem is that many organizations don’t know what AI systems they have running. Security Hub’s AI inventory, generally available at no extra cost in the Essentials plan, aims to fix that.

It discovers AI workloads in two ways. For managed services, it inventories AWS Config resources across Bedrock, SageMaker, and AgentCore. For self-hosted or external workloads, runtime analysis finds models on EC2, ECS, or EKS, as well as external model endpoints that AWS workloads call. Each asset is then mapped to its underlying compute, networking, IAM roles, and data stores, and correlated with GuardDuty findings.

This can surface shadow AI deployments—a proof-of-concept SageMaker endpoint left running, a Bedrock agent nobody remembered to decommission, a Lambda function quietly calling an external model API. In large organizations, such assets multiply across hundreds of accounts before a central security team establishes governance. The inventory now gives that team a single, continuously updated view.

What It Means for You

The practical impact depends on where your security operations center of gravity already sits.

For AWS-first organizations with Azure workloads: If Security Hub is your primary triage queue and you maintain automation playbooks for findings, the Azure integration lets you fold your Azure posture into that workflow with minimal friction. Your analysts stop jumping between two consoles. Pricing parity and the separate trial remove financial barriers to testing.

For Azure-first organizations: This expansion does not replace Microsoft Defender for Cloud, Azure Policy, or Microsoft Sentinel. Those tools remain more deeply integrated with Azure’s control plane, identity system, and endpoint protection. Unless your team already uses Security Hub extensively, moving to it solely for Azure assessment likely adds complexity rather than reducing it.

For security leaders managing AI risk: The AI inventory and GuardDuty AI Protection fill a real gap. Even organizations with mature cloud security often lack visibility into model deployments and model invocation patterns. The inventory is free, so turning it on is a low-risk way to start understanding your AI footprint. GuardDuty AI Protection requires a trial activation, but for any production Bedrock or SageMaker workload, it’s worth evaluating immediately.

For incident responders: GuardDuty AI-powered investigations could speed triage, but they’re still in preview. If your team participates in the preview, track false-positive rates, compare AI conclusions with analyst decisions, and maintain human review for any containment actions. Confidence scoring is an indicator, not proof.

How We Got Here

AWS Security Hub launched in 2019 as a way to centralize security findings from AWS services and partner products. Over time, it added automated compliance checks, cross-Region aggregation, and a growing partner network. Earlier this year, AWS introduced Security Hub Extended, a curated set of 21 third-party integrations that emit findings in the Open Cybersecurity Schema Framework (OCSF). Those partners—including CrowdStrike, Okta, SentinelOne, and Splunk—already cover endpoints, identities, and cloud environments outside AWS.

Adding native Azure assessment is the logical next step. As the company’s security blog noted, most enterprise Security Hub customers have been running workloads in multiple clouds for years. They asked AWS to extend native monitoring to other clouds. Azure is the first, with more promised “quickly.”

The AI protections respond to a different trend: the rapid adoption of generative AI and the accompanying visibility gap. AWS heard from customers who discovered compromised accounts only after finance flagged a bill anomaly. The three AI launches—detection, investigation, and inventory—form a layered response: know what you have, detect threats against it, and speed up investigation when something goes wrong.

What to Do Now

If your organization fits the use case—significant AWS presence plus some Azure resources, or active AI workloads—here are concrete steps:

  1. Enable Azure assessment in Security Hub. Navigate to the Settings page, choose the “Multicloud” section, and add your Azure subscription. The independent 30-day trial means you can test without financial commitment. Review the CIS Microsoft Azure Foundations Benchmark checks and compare the findings to your existing Defender for Cloud or Sentinel alerts. Look for inconsistencies and overlap.
  2. Activate GuardDuty AI Protection. The 30-day free trial is available in the GuardDuty console. If you use Bedrock or SageMaker, turn it on and observe the baseline. Pay attention to any cost-harvesting alerts—if GuardDuty flags anomalous invocation, immediately investigate the associated IAM role and CloudTrail events.
  3. Turn on the AI inventory. It’s included in Security Hub Essentials at no cost, so there’s no reason to delay. After enabling, review the catalog of Bedrock agents, SageMaker endpoints, and external model calls. Identify orphaned or undocumented assets and bring them under governance. Map the inventory to your existing IAM roles and data stores to understand blast radius.
  4. Evaluate GuardDuty AI-powered investigations (preview). If you’re in an eligible Region, opt in. Run it against recent GuardDuty findings and compare the AI’s disposition with your analysts’ conclusions. Track false positives, false negatives, and time saved. Do not automate containment based on the AI’s recommendation until you’ve validated its reliability in your environment.
  5. Revisit credential hygiene. Both the Azure and AI features hinge on credential management. Rotate access keys, enforce multi-factor authentication, audit IAM policies, and ensure cloud cost anomalies feed into incident response—not just finance.

Outlook

The July 14 release positions Security Hub as a broader security control plane, not just an AWS findings dashboard. The inclusion of Azure native scanning and AI workload protections, combined with the Extended partner integrations, points toward a strategy where findings from multiple clouds and security categories are correlated into a single exposure or attack path. That correlation work is still in progress, as AWS acknowledged, but the foundations are being laid now.

The next milestones to watch are expanded Azure resource coverage (SQL databases, Kubernetes, networking) and additional cloud providers. Also, the eventual general availability of AI-powered investigations will determine whether automated triage can reduce alert fatigue without introducing dangerous complacency. For now, multicloud security teams and AI-accountable CISOs have concrete new tools to evaluate—and a clear path to try them without leaving the AWS console.