.png?width=1432&height=342&name=tennex%20Logo-E4-side-by-side%20(1).png "Tennex Logo")
Agentic Security with Strands
Conversational AI on Amazon Bedrock AgentCore with MCP and Strands.
Summary
A biotechnology developing potentially curative genetic medicines built on a proprietary toolbox of CRISPR gene-editing systems engaged Tennex for this solution. The company mines the extensive natural diversity of its proprietary database to discover and engineer novel enzymes, and operates in a highly regulated, data-sensitive environment.
The Challenge
This company's security and operations teams needed to investigate signals and act across many disparate enterprise systems quickly, without slow, manual pivoting between consoles. At the same time, the company wanted to put conversational AI in the hands of its staff to multiply their productivity - but only if that AI could be governed by design and kept entirely inside their own AWS environment, given the regulated nature of their data. Off-the-shelf assistants that send data to third-party models were not acceptable.
“Tennex has automated a previously unmonitored security function, ensuring critical vulnerabilities are surfaced and managed.”
- Director, IT
The Solution
Tennex designed and deployed production agentic workflows on Amazon Bedrock AgentCore, with Anthropic Claude Sonnet 4.5 on Amazon Bedrock as the reasoning engine and all inference kept within Amazon Bedrock. Two capabilities are in active use:
SIEM Model Context Provider (MCP) - lets analysts query Elasticsearch-backed SIEM data in natural language to investigate incidents and triage alerts - for example, pulling recent high-severity alerts, correlating them with failed logins and context-aware access denials, and pivoting on a suspicious user or IP across Okta, Google Workspace, VPN, Windows, and Wazuh in a single query. The server is hosted on Amazon Bedrock AgentCore (which handles the MCP protocol) and was built to scale to n+1 MCP servers via an automated deployment pipeline.
Strands Agent on AgentCore Runtime - a conversational AI agent with persistent memory and tool access, with no servers or container orchestration to manage. Its agent loop performs Claude-via-Bedrock reasoning and dispatches tool calls to built-in AgentCore services (Memory, Code Interpreter, Browser, and the MCP Gateway), persisting session state to Amazon S3.
Security and governance follow Tennex’s standard practices: Amazon Cognito issues short-lived JWTs validated per invocation (federated to their Okta tenant); MCP and agent IAM roles are scoped to least privilege; credentials are held in AWS Secrets Manager; workloads run in private subnets within a VPC; and Amazon Bedrock Guardrails constrain model behavior. Containers are stored in Amazon ECR, AgentCore handles lifecycle/scaling/invocation routing, and the platform auto-scales to zero with budget alarms. Observability is end-to-end via structured JSON logging and Amazon CloudWatch dashboards and alarms. All infrastructure is defined as code with AWS CDK using logical stacks that deploy independently.
Reach out today!
We'd love to learn more about your vision. Schedule a free consultation with one of our Cloud Architects.