Listen to this Post

Introduction:
Enterprises are drowning in AI experimentation with little to show for it — over 68% of organizations are investing heavily in AI, yet most aren’t realizing the anticipated operational efficiencies. Kyndryl and AWS have just expanded their Strategic Collaboration Agreement (SCA) to bridge this exact gap, moving organizations from “pilot purgatory” to production-grade agentic AI at scale. With a combined force of 11,000+ AWS-certified professionals and a co-developed Agentic AI Framework, this partnership is rewriting the rules of IT modernization, workload automation, and cloud security.
Learning Objectives:
- Understand the architecture and deployment of Kyndryl’s Agentic AI Framework (KAF) on AWS Bedrock
- Master AWS Transform for mainframe and legacy application modernization using agentic AI
- Implement security controls for autonomous AI agents using AWS Continuum and IAM
- Deploy industry-specific agentic AI blueprints for regulated workloads
- Automate routine IT operations and workflow coordination across distributed environments
- Deploying Kyndryl’s Agentic AI Framework (KAF) on AWS Bedrock
The Kyndryl Agentic Framework (KAF) is an enterprise-grade orchestration layer designed to solve the “last mile” problem of AI adoption. It wraps cutting-edge open-source AI capabilities in a “compliance exoskeleton,” ensuring innovation never comes at the cost of control. KAF is AWS-1ative and fully integrated with existing security investments.
Step-by-Step Deployment Guide:
Step 1: Set Up AWS Bedrock AgentCore
Install AWS CLI and configure your region aws configure --profile kyndryl-agentic Set region to us-east-1 or your preferred region aws bedrock-agent list-agents --profile kyndryl-agentic
Step 2: Deploy KAF from AWS Marketplace
KAF is available through AWS Marketplace as a containerized orchestration layer:
Pull the KAF container image (example)
docker pull kyndryl/kaf-orchestrator:latest
Deploy using ECS or EKS with IAM roles
aws ecs run-task --cluster kaf-cluster \
--task-definition kaf-orchestrator \
--1etwork-configuration "awsvpcConfiguration={subnets=[subnet-xxx],securityGroups=[sg-xxx],assignPublicIp=ENABLED}"
Step 3: Configure IAM for Agentic Identity
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": "arn:aws:bedrock:::foundation-model/"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::kaf-agent-data/"
}
]
}
KAF introduces Policy-as-Code and Semantic Verification, allowing deployment of generative AI into high-stakes environments like banking, healthcare, and government. This means you can finally move GenAI projects from “Pilot” to “Production” without triggering compliance red flags.
2. Modernizing Mainframe Workloads with AWS Transform
Kyndryl and AWS have already demonstrated the power of this approach with Alpitour World, completing a full migration of COBOL-based mainframe applications to AWS Cloud in just 16 months. AWS Transform, the first agentic AI service for large-scale legacy modernization, cuts timelines from years to months at significantly reduced cost.
Step-by-Step Mainframe Modernization:
Step 1: Analyze Legacy Code with AWS Transform
Initialize a modernization project aws transform start-modernization-job \ --source-type MAINFRAME \ --source-location s3://legacy-repo/mainframe/ \ --target-language JAVA \ --job-1ame alpitour-modernization
Step 2: Generate Migration Plans
AWS Transform uses specialized mainframe agents to extract business logic and program flows from COBOL code:
Generate migration assessment aws transform get-modernization-assessment \ --job-id alpitour-modernization \ --output-format JSON > assessment.json Review the assessment cat assessment.json | jq '.recommendations'
Step 3: Refactor and Test
Start code refactoring
aws transform start-refactoring \
--job-id alpitour-modernization \
--refactoring-options '{"microservices":true,"api-generation":true}'
Run automated testing
aws transform start-testing \
--job-id alpitour-modernization \
--test-suite s3://test-suites/mainframe-tests/
Kyndryl’s projections indicate that applying AWS Transform to large-scale modernization projects will potentially reduce timelines by approximately one-third. The agents can reason through legacy logic (including COBOL) to assist in refactoring and migrating workloads to the cloud.
Windows Server Migration Alternative:
For Windows workloads being modernized alongside mainframe systems:
Using AWS Application Migration Service aws mgn start-import --s3-bucket mgn-import-bucket --s3-key windows-server-image.ova Validate migration readiness aws mgn describe-job-log-items --job-id windows-migration-job
- Securing Agentic AI with AWS Continuum and IAM
Security is paramount when deploying autonomous AI agents. AWS recently launched AWS Continuum, an AI-1ative security service that continuously discovers, prioritizes, validates, and remediates security risks at machine speed. AWS Security Agent (now part of Continuum) includes threat modeling, an AI-powered agentic capability that automatically generates threat models for your applications.
Security Hardening Commands:
Step 1: Enable AWS Continuum
Enable Continuum for your AWS account aws continuum enable --region us-east-1 Start continuous vulnerability scanning aws continuum start-scan \ --scope "arn:aws:ecs:us-east-1:123456789012:cluster/production" \ --scan-type COMPREHENSIVE
Step 2: Configure Agentic Identity with Cedar
AWS uses Cedar’s deterministic authorization to secure agentic AI tool invocations through Amazon Bedrock AgentCore Gateway:
{
"policy": "permit(principal, action, resource) when { principal.role == 'ai-agent' && resource.sensitivity == 'public' };",
"namespace": "AgenticSecurity"
}
Step 3: Implement RBAC for AI Agents
Create IAM role for AI agents with least privilege aws iam create-role \ --role-1ame AgenticAIRole \ --assume-role-policy-document file://agent-trust-policy.json Attach policy for Bedrock access only aws iam attach-role-policy \ --role-1ame AgenticAIRole \ --policy-arn arn:aws:iam::aws:policy/AmazonBedrockFullAccess
Step 4: Enable Threat Modeling
Generate threat model for your application aws continuum generate-threat-model \ --application-id app-12345 \ --output-format MARKDOWN > threat-model.md
The Agentic AI Security Scoping Matrix provides a structured framework to understand, classify, and secure autonomous AI implementations. KAF leverages existing AWS IAM for rigorous Role-Based Access Control (RBAC), with intelligence powered by Amazon Bedrock and data persisted securely in S3 and Aurora.
4. Automating IT Operations with Agentic Workflows
The collaboration centers on applying AI, including agent-based approaches, to automate routine tasks, coordinate workflows, and support moving workloads to AWS across large, distributed environments.
Automation Script for Agentic Workflow Coordination:
Python script using Boto3 to orchestrate agentic workflows
import boto3
import json
bedrock = boto3.client('bedrock-runtime')
agent = boto3.client('bedrock-agent')
def orchestrate_workflow(task_description):
"""Deploy an agentic workflow for IT automation"""
response = bedrock.invoke_model(
modelId='anthropic.claude-3-sonnet-20240229',
contentType='application/json',
accept='application/json',
body=json.dumps({
"messages": [{
"role": "user",
"content": f"Decompose this IT task into agentic steps: {task_description}"
}]
})
)
return json.loads(response['body'].read())
Example: Automate incident response
workflow = orchestrate_workflow(
"Automate the entire incident response pipeline for EC2 instance failures"
)
print(json.dumps(workflow, indent=2))
Linux Command for Agent Monitoring:
Monitor agent activity across your AWS environment aws cloudwatch get-metric-statistics \ --1amespace AWS/Bedrock \ --metric-1ame AgentInvocations \ --dimensions Name=AgentId,Value=prod-agent-01 \ --start-time $(date -d '1 hour ago' -u +'%Y-%m-%dT%H:%M:%SZ') \ --end-time $(date -u +'%Y-%m-%dT%H:%M:%SZ') \ --period 300 \ --statistics Sum
Kyndryl recently introduced Agentic Service Management, designed to help enterprises move from traditional service operations to autonomous, AI-driven workflows. These agents function as digital teammates to enable faster, more intelligent transformation across complex environments.
5. Industry-Specific Modernization Blueprints and European Sovereign Cloud
Kyndryl and AWS are co-developing new industry-specific agentic AI modernization blueprints, offerings, and advanced delivery capabilities. This includes specialized solutions for financial services, healthcare, retail, and government sectors.
Deploying Industry-Specific Blueprints:
List available industry blueprints from Kyndryl aws s3 ls s3://kyndryl-blueprints/ --recursive Deploy financial services blueprint aws cloudformation create-stack \ --stack-1ame financial-services-agentic \ --template-body file://financial-services-blueprint.yaml \ --parameters ParameterKey=Environment,ParameterValue=production
European Sovereign Cloud Configuration:
Kyndryl is a launch partner for the AWS European Sovereign Cloud initiative, supporting customers with data residency and protection requirements:
Configure for European Sovereign Cloud region aws configure set region eu-south-1 --profile sovereign Deploy with data residency controls aws s3api create-bucket \ --bucket sovereign-data-bucket \ --create-bucket-configuration LocationConstraint=eu-south-1 \ --profile sovereign
The expanded SCA supports collaboration across Europe, where Kyndryl maintains multiple AWS Competencies including Mainframe Modernization, AI, Agentic AI, and Digital Sovereignty.
What Undercode Say:
- Agentic AI is the missing link between experimentation and production — The Kyndryl-AWS expansion directly addresses the 68% of enterprises investing in AI without seeing returns, providing a practical path from pilot to production.
-
Security is non-1egotiable in autonomous AI deployments — With AWS Continuum, Cedar authorization, and KAF’s Policy-as-Code approach, organizations can deploy agentic AI in regulated environments without compromising compliance.
The partnership represents a fundamental shift in how enterprises approach IT modernization. Rather than treating AI as a standalone tool, Kyndryl and AWS are embedding agentic capabilities directly into the infrastructure layer — automating routine tasks, coordinating complex workflows, and accelerating mainframe migrations that traditionally took years.
The 11,000+ AWS-certified professionals at Kyndryl provide the operational expertise that most organizations lack when attempting to scale AI. Combined with AWS’s cutting-edge agentic services like Bedrock AgentCore, Transform, and Continuum, this creates a formidable capability for enterprises struggling with legacy systems and AI adoption.
What’s particularly compelling is the focus on industry-specific blueprints — not one-size-fits-all solutions, but tailored approaches for banking, healthcare, government, and retail. This pragmatism, coupled with the European Sovereign Cloud initiative, suggests the partnership is built for real-world, regulated enterprise environments rather than speculative AI experimentation.
Prediction:
+1 The Kyndryl-AWS expanded SCA will accelerate enterprise agentic AI adoption by 300-400% over the next 18 months, with the 11,000-certified professional army serving as the primary catalyst for production deployments.
+1 AWS Transform and KAF will become the de facto standard for mainframe modernization, reducing average migration timelines from 36-48 months to under 12 months for most enterprises.
-1 Organizations that fail to implement proper security controls (IAM, Continuum, Cedar) for their agentic AI deployments will face significant data breaches and compliance violations within the first year of production rollout.
+1 The European Sovereign Cloud integration positions Kyndryl-AWS as the dominant force in regulated EU markets, capturing significant market share from competitors lacking similar sovereignty capabilities.
-1 The skills gap in agentic AI operations will create a bottleneck, with demand for certified professionals far exceeding supply — potentially slowing adoption for organizations outside the Kyndryl ecosystem.
▶️ Related Video (68% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Andrei Gavri – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


