I attended the Kiro and Amazon Quick Fiesta event in Malaysia

I attended the Kiro and Amazon Quick Fiesta event in Malaysia

AWS's first agentic AI event in Malaysia showcased Kiro and Amazon Quick — two products designed to turn AI agents from demos into production workflows. Here's what happened, what I learned, and why the workflow framing matters more than the speed-up promises.
2026.07.17

I spent the day at the Kiro and Amazon Quick Fiesta Malaysia, AWS's first local event dedicated to its two agentic AI products: Kiro, an agentic IDE for developers, and Amazon Quick, an agent-powered work companion for everyone else. Held at M World Hotel, Kuala Lumpur on 14 July 2026.

Event badge and booth stamp card
Badge and booth passport — six booths, six stamps.

Main ballroom filling up before the keynote
The ballroom before the 9:45am keynote.

Where the products sit in the portfolio

A portfolio slide put both products in context — Kiro and Amazon Quick sit at the applications and agents layer, on top of Bedrock/AgentCore, on top of SageMaker and the AI compute layer (Trainium, Inferentia, GPUs), with security and policies wrapped around the whole stack. Notably, "Frontier Agents" now includes a Kiro autonomous agent, an AWS DevOps Agent and an AWS Security Agent.

AWS AI portfolio slide showing layers from infrastructure to frontier agents
The AWS AI portfolio. Kiro and Amazon Quick sit at the top; everything below is plumbing.

Amazon Quick: agents for the rest of the org

If Kiro is for people who write code, Amazon Quick is for everyone who doesn't. It bundles six capabilities into one surface:

Amazon Quick architecture slide
Amazon Quick's components, sitting on company data, world knowledge and actions in third-party apps.

  • Spaces — organise files, dashboards and data sources into a workspace per project.
  • Chat Agents — custom AI assistants grounded in your business knowledge.
  • Research — deep-dive analysis producing professional, citable reports.
  • Quick Sight — the BI and visualisation piece, now folded in.
  • Flows — no-code workflow automation over pre-defined steps.
  • Automate — complex, multi-step automation of entire business processes.

Underneath: company data via 40+ data connectors, uploaded files and QuickSight data; world knowledge via Bedrock models and web search; and actions into third-party apps. Governance, access controls, guardrails, Responsible AI and regulatory compliance run across all of it — which is the part that actually decides whether an enterprise can deploy this.

Fireside: From Code to Customer

Christopher Thong (Head of Solutions Architecture, AWS Malaysia) hosted Raunak Kathuria (VP of Engineering, Deriv), Hiroki Kobayashi (Head of Integration, NTT Data Payment) and Neil Tomkinson (CIO, U Mobile) on how AI agents are rewiring trading, telco and payments.

Fireside chat slide: From Code to Customer panel
Practitioners from trading, payments and telco

The breakouts

Two afternoon tracks across four halls, mixing hands-on labs (L200–L300) with presentations.

Breakout sessions grid showing four halls and two time slots
The breakout grid. Hall A and B ran hands-on Kiro and Quick labs; C and D went deeper on ops, security and MCP.

Time Hall A Hall B Hall C Hall D
1:15–2:30 Kiro: Agentic Coding
(Hands-on · L200)
Amazon Quick: AI Work Companion
(Hands-on · L200)
Kiro CLI for Cloud Operations
(Hands-on · L300)
ML Development with Kiro & SageMaker AI
(Hands-on · L300)
3:00–4:15 Kiro: Agentic Coding
(Hands-on · L300)
Amazon Quick: AI Work Companion
(Hands-on · L300)
Frontier Agents for Security, DevOps and Finance
(Presentation · L200)
MCP and Skills deep dive
(Presentation · L200)

Kiro, properly explained

Thenesh (Solutions Lead) gave the clearest framing of Kiro I've heard: an agentic AI development environment from prototype to production. The emphasis is on that last part. Plenty of tools get you a demo; Kiro's pitch is the path from demo to something you'd deploy.

Kiro session title slide
"Agentic AI development environment from prototype to production."

Spec-driven development

Kiro IDE slide explaining spec-driven development
Kiro turns a prompt into requirements, system design and discrete tasks — before writing code.

This is the differentiator. Instead of prompt → code, Kiro does prompt → spec → code:

  1. Kiro turns your prompt into clear requirements, a system design and discrete tasks.
  2. You iterate with Kiro on the spec and the architecture — the cheap place to be wrong.
  3. Kiro's agents implement the spec while keeping you in control.

The insight is that reviewing a spec is far cheaper than reviewing 400 lines of generated code, and disagreements surface before implementation instead of after.

Agent hooks

Kiro IDE slide explaining agent hooks
Hooks fire on events like "file save" and run agents in the background.

Delegate tasks to agents that trigger on events such as a file save, running autonomously in the background against pre-defined prompts. The stated use cases — generating documentation, unit tests, optimising performance — are all the things everyone agrees are important and nobody does.

Timeline checkpointing

Kiro IDE slide explaining timeline checkpointing
Snapshot, explore, roll back. The safety net that makes autonomy tolerable.

Kiro snapshots the contents of each modified file and restores that snapshot when you revert to a checkpoint, letting you roll back to any point in the execution log. This is what makes it reasonable to let an agent run further before you check on it — you can safely explore multiple approaches to a problem and throw away the ones that don't work.

Custom agents and subagents (Kiro CLI)

Kiro CLI slide showing custom agents and the agent list output
A default agent roster: devops-agent, security-guardian, dba-agent, fullstack-developer, qa-agent and more.

The CLI ships with a roster of specialised agents and lets you define your own with pre-approved tool permissions, context files and prompts. The part I'll actually use: Kiro Subagents run in parallel with isolated context, independent execution, and task updates and summaries on completion.

Kiro Powers

Slide listing Kiro Powers benefits
Powers: packaged expertise, loaded on demand to avoid context overload.

"Powers" are packaged, opinionated guidance — best practices from ISVs and experts, one-click download for IDE use, dynamically loaded to avoid context overload, customisable, and shareable with the community. Think of it as expertise as a dependency.

Kiro on iOS

Slide announcing Kiro as a native iOS app in gated preview
Cloud sessions that keep running, diffs built for mobile, same agent and same context.

The announcement that got the room's attention: Kiro as a native iOS app, in gated preview. Start a cloud session that never stops, check back later, review diffs built for mobile — same agent, same context. Kick off work, go to lunch, review on the way back.

MCP and Skills deep dive

The Hall D session was the most technically satisfying. It opened with the cleanest justification of MCP I've seen on a slide: before MCP, every app wrote to every tool — M apps × N tools = M×N integrations.

Slide explaining why Model Context Protocol exists
The M×N problem MCP exists to collapse into M+N.

The worked example was a nice touch of self-reference — FiestaDB, an MCP server for the event's own app: a thin Python wrapper exposing four read-only tools (list_sessions, list_attendees, registration_summary, read_query) over a SQLite database. The client (Kiro) speaks MCP to the wrapper; the wrapper speaks SQL to the database. The wrapper is the only new code.

Slide showing the FiestaDB MCP server architecture
FiestaDB: four tools, read-only, one thin wrapper. A good template for a first MCP server.

Then the scale-up: an enterprise-grade remote MCP server on Amazon Bedrock AgentCore Gateway + Runtime, with authentication, identity and observability handled by the platform rather than your wrapper.

Slide showing enterprise grade remote MCP server on Bedrock AgentCore
The production version, via AgentCore Gateway + Runtime.

Slide showing Agent Toolkit for AWS
Agent Toolkit for AWS: MCP Server, Skills and Plugins.

The Agent Toolkit for AWS rounds it out with three pieces: an AWS MCP Server (a secure, authenticated endpoint letting agents use AWS APIs and search current docs, with IAM controls), Agent Skills (curated AWS procedures loaded on demand, so agents complete workflows with less trial-and-error), and Agent Plugins (install packages connecting popular coding agents to the MCP Server and curated skills).

Skills — and their security footguns

The session went into the SKILL.md specification: required frontmatter (name, max 64 chars; description, max 1024 chars covering what it does and when to use it), optional licence, compatibility and metadata. The guidance on descriptions was blunt:

SKILL.md
---
name: pdf-processing
description: Extracts text and tables from PDF files, fills PDF forms, and
  merges multiple PDFs. Use when working with PDF documents or when the user
  mentions PDFs, forms, or document extraction.
---

A good description says all of that. A poor one says "helps with PDFs."

Slide showing the SKILL.md specification
The SKILL.md spec. Keep SKILL.md under 500 lines; keep references one hop deep.

The slide that made the room go quiet was the security one.

Six patterns were laid out:

  • Prompt injection — instruction override, ignore-safety, hidden directives in comments, behaviour manipulation.
  • Data exfiltration — external URL transmission, env-var harvesting via API keys, file system enumeration, channel leakage to external.
  • Supply chaincurl | bash remote execution, obfuscated code, unpinned or vulnerable dependencies, typosquatting packages.
  • Excessive agency — unrestricted tool access, autonomous high-impact decisions, scope creep beyond stated purpose, unbounded resource access.
  • Rogue agent — self-modification, unauthorised persistence, memory poisoning across sessions, escalation to supervisory.
  • Trigger abuse — overly broad trigger patterns, invisible activation, keyword baiting, anti-refusal exploitation.

Slide showing six vulnerability patterns in skills
A skill is executable code with a friendly name. Review it like code.

The mitigation guidance was sensible and unglamorous: audit all files, not just SKILL.md; pin dependencies; gate archival; implement least privilege; test actions. The underlying point is worth repeating — a skill is code you're installing. The fact that it arrives as friendly markdown instead of a package doesn't change the threat model.

The expo floor

The booths avoided the usual brochure-and-lanyard trap by actually demoing things. Two stood out.

The first was Service Screener MCP + Amazon Quick — a deterministic Well-Architected assessment exposed to agents, turning findings into automated fixes. The demo flow was concrete: ask "what are my high-severity issues?", get findings grouped by service (Lambda, EC2, IAM, CloudWatch), then "fix the Lambda ones" → the agent proposes deleting unused functions and scoping over-permissive roles, you approve, remediations apply. The framing on screen — AI proposes, you approve — is exactly the pattern the keynote was arguing for.

Booth demo of Service Screener MCP with Amazon Quick
Service Screener MCP feeding Well-Architected findings to Amazon Quick, with human approval before remediation.

The second was pure fun with a serious core: the AWS Agentic Football Cup, where AI agents manage football teams — spending tokens on tactics, with live agent stats and match reports. Underneath the pixel art it's a legible demo of multi-agent systems competing under constraints. Golden Strikers took it 3–0.

AWS Agentic Football Cup demo showing a match with live agent stats
The Agentic Football Cup. Silly on the surface, a real multi-agent demo underneath.

AWS also used the floor to recruit — a Kiro Ambassador program offering community leadership, early access to Kiro releases, and swag support for meetups, with a Kiro backpack for the first 30 successful applicants.

Kiro Ambassador recruitment banner
"We want you!" — the Kiro Ambassador program.

Summary

  1. The workflow framing is right, and it's uncomfortable. Measuring AI by individual speed-up is easy and mostly meaningless. Pointing it at a workflow means confronting the handoffs and approvals your org has quietly built its structure around — which is why most teams don't.
  2. Spec-driven development is Kiro's actual differentiator. Not autocomplete quality. Reviewing a spec beats reviewing generated code, because you catch the misunderstanding before it becomes 400 lines.
  3. Checkpointing is what makes autonomy usable. Give an agent more rope only when you can pull it back cleanly. The rollback is the feature, not the safety blanket.
  4. Skills are code. A quarter of them carry vulnerabilities. Read them before you install them, the same way you'd read any dependency you're granting tool access to.
  5. Start your MCP server small. FiestaDB was four read-only tools and a thin wrapper. That's a weekend, not a quarter — and AgentCore is there when it needs to be a real service.

この記事をシェアする

関連記事