GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท amazon-kiro

Kiro

vGA (IDE + CLI)

Amazon Web Services (AWS)

Agentidespec-drivenawsproprietary
68
Adequate
About This Agent

AWS's spec-driven agentic IDE and CLI: it turns prompts into structured specs (requirements.md in EARS notation, design.md, tasks.md) before implementing, alongside a freeform vibe mode, agent hooks, and steering files. Preview 2025-07-14, GA 2025-11-17; official successor to Amazon Q Developer. Available in AWS GovCloud (US) with IAM Identity Center integration, signaling a regulated-workload posture (FedRAMP High authorization in progress, not yet granted).

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Assessment of implementation accuracy on spec-driven workflows from vendor documentation and independent reviews; vibe mode performs comparably to peer agents

Evidence
Kiro Blog - General Availability โ€” GA (2025-11-17) added property-based testing that validates implementations against spec correctness, checkpoints, and a terminal CLI; spec grounding measurably reduces off-target implementations versus pure prompting
mediumVerified: 2026-07-09
tool use reliability

Review of agent tool loop reliability across editor, terminal, hooks, and MCP integrations

Evidence
Kiro Documentation โ€” Agent reliably drives file edits, shell execution, MCP tools, and agent hooks (event-triggered automations on file save/create) across IDE and CLI
mediumVerified: 2026-07-09
multi step planning

Evaluation of structured planning artifacts and task sequencing; the strongest explicit-planning model among evaluated coding agents

Evidence
Kiro Documentation - Specs โ€” Spec-driven development is the product's core: requirements.md (EARS notation), design.md, and tasks.md decompose work into reviewable, sequenced implementation tasks before any code is written
highVerified: 2026-07-09
memory persistence

Review of steering files, spec persistence, and cross-session context retention

Evidence
Kiro Documentation - Steering โ€” Steering files persist project conventions and context across sessions; specs themselves are durable artifacts that carry design intent between tasks and contributors
mediumVerified: 2026-07-09
error recovery

Assessment of autonomous iteration, checkpoint rollback, and documented failure modes

Evidence
Kiro Blog - General Availability โ€” Iterates on failing tests and task-level errors; GA checkpoints allow rolling back agent work. Autopilot mode can pursue unproductive paths, consuming credits until interrupted
mediumVerified: 2026-07-09
agent collaboration

Review of custom agent profiles and parallel execution capabilities

Evidence
Kiro Documentation - CLI โ€” Custom agents with scoped permissions, context, and prompts run specialized tasks in the CLI; orchestration is task-parallel rather than a coordinated multi-agent manager
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+

Kiro has had real vulnerabilities (AWS-2025-019 prompt injection, CVE-2026-0830 RCE), but AWS's disclosure discipline โ€” numbered security bulletins, prompt fixes, researcher credit โ€” plus GovCloud/IAM controls give it a stronger institutional security posture than most agent-IDE peers.

tool sandboxing

Security review of the approval model; supervised defaults and allowlists are sound, but local execution without OS-level sandboxing and an opt-in full-autonomy mode limit the score

Evidence
AWS Security Bulletin AWS-2025-019 โ€” Prompt-injection paths could execute code without human-in-the-loop confirmation in Autopilot and Supervised modes; fixed in Kiro 0.1.42 (2025-08-01) by requiring HITL confirmation in Supervised mode
Kiro Documentation - CLI Security โ€” Supervised mode requires approval for file changes and commands with a trusted-commands allowlist; Autopilot executes without per-step approval and runs directly on the user's machine (no VM/container isolation)
mediumVerified: 2026-07-09
access control

Review of identity integration and centralized administration; inheriting AWS IAM Identity Center is best-in-class among coding agents

Evidence
Kiro Documentation - IAM โ€” Enterprise sign-in via AWS IAM Identity Center with subscriptions (Pro/Pro+/Power) assigned and managed centrally from the AWS Management Console; individuals use AWS Builder ID or social login
AWS - Kiro now available in AWS GovCloud (US) โ€” GovCloud (US-East/US-West) availability since 2026-02-16 mandates IAM Identity Center authentication, bringing Kiro inside government compliance boundaries
highVerified: 2026-07-09
prompt injection defense

Assessment of demonstrated injection paths against AWS's remediation record; multiple real flaws, but consistently patched with published security bulletins and researcher credit

Evidence
Embrace The Red - AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection โ€” Demonstrated indirect prompt injection to arbitrary command execution (since fixed); AWS-2025-019 formalized the fixes with HITL requirements and invisible-control-character handling
NVD - CVE-2026-0830 โ€” CVE-2026-0830: command injection via crafted workspace folder names in the GitLab helper enabled RCE; fixed in Kiro 0.6.18
mediumVerified: 2026-07-09
data isolation

Data architecture review of encryption, regional isolation, and AWS infrastructure inheritance

Evidence
Kiro Documentation - Data Protection โ€” TLS 1.2+ in transit, AWS KMS encryption at rest, AWS shared-responsibility model; GovCloud regions keep traffic and data within the government boundary
mediumVerified: 2026-07-09
open source transparency

Source availability assessment crediting the OSS base, public issue tracker, and formal security-bulletin practice

Evidence
Kiro FAQ โ€” Built on Code OSS with Open VSX extension compatibility, but the agent, orchestration, and service are proprietary; AWS publishes security bulletins (AWS-2025-019) and a public GitHub issue tracker
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Review of default collection settings by tier; enterprise defaults are strong, consumer opt-out-required defaults cost points

Evidence
Kiro Documentation - Data Protection โ€” Free-tier and social-login users have telemetry AND content collection (prompts, code snippets) enabled by default for service improvement, with opt-out toggles; paid users via IAM Identity Center or external IdP are automatically excluded from content collection
highVerified: 2026-07-09
gdpr compliance

Compliance posture assessment; AWS program inheritance and the GovCloud boundary are credited, pending product-specific FedRAMP authorization

Evidence
Kiro Blog - Kiro loves regulated workloads โ€” GovCloud (US) availability targets FedRAMP High and DoD CC SRG alignment (authorization in progress, not yet granted); Kiro inherits AWS's compliance program breadth (SOC, ISO, GDPR DPA) as an AWS service
mediumVerified: 2026-07-09
third party data sharing

Data flow analysis of model routing; AWS-managed processing narrows the third-party surface versus multi-vendor routing

Evidence
Kiro Documentation - Models โ€” Prompts and code are processed by Anthropic Claude models (Sonnet 4.5/4.6, Haiku 4.5, Opus 4.6+) and the Auto router within AWS-managed infrastructure; Bedrock routing is press-reported rather than officially documented
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment with partial credit for the GovCloud regional option

Evidence
Kiro Documentation โ€” IDE and CLI run locally but all model inference is cloud-based; no offline mode. GovCloud regions offer a compliance-boundary alternative rather than self-hosting
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
Kiro Documentation โ€” Comprehensive docs across IDE, CLI, web, and autonomous agent surfaces, including dedicated privacy/security and data-protection sections per surface, billing docs, and a public changelog
highVerified: 2026-07-09
execution traceability

Review of task-level visibility, diff review workflow, and checkpoint history

Evidence
Kiro Blog - General Availability โ€” Task-by-task execution against tasks.md with diffs, checkpoints for rollback, and hunk-level approval in Supervised mode make agent work reviewable step by step
mediumVerified: 2026-07-09
decision explainability

Assessment of upfront rationale artifacts; spec-driven development is inherently an explainability mechanism

Evidence
Kiro Documentation - Specs โ€” Requirements in EARS notation, an explicit design document, and a sequenced task list mean the agent's intent is written down and human-editable before execution โ€” the most explainable workflow in the category
highVerified: 2026-07-09
open source code

Open source assessment

Evidence
Kiro FAQ โ€” Proprietary agent and service on a Code OSS base; no published agent internals or model details beyond the models list
highVerified: 2026-07-09
community activity

Community engagement analysis across waitlist demand, issue tracker, and Discord activity

Evidence
Kiro Blog - The wait(list) is over โ€” Hundreds of thousands joined the preview waitlist within 90 days of the July 2025 launch; active public GitHub issue tracker and Discord, though community trust took a hit in the August 2025 pricing episode
mediumVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Onboarding and integration friction assessment

Evidence
Kiro Documentation โ€” VS Code settings and Open VSX extension compatibility ease migration; sign-in supports social login, AWS Builder ID, or IAM Identity Center. Spec-first workflow has a learning curve versus chat-first tools
highVerified: 2026-07-09
scalability

Scalability assessment of team administration and AWS service backing

Evidence
Kiro Blog - General Availability โ€” Team plans with centralized management, a CLI for automation, and AWS-scale service infrastructure; execution remains local-machine-bound rather than cloud-parallel
mediumVerified: 2026-07-09
cost predictability

Pricing model analysis; current tiers are clearer, but variable per-task credit burn, model multipliers, and the 2025 metering episode temper predictability

Evidence
Kiro Pricing โ€” Free 50 credits/mo; Pro $20 (1,000 credits); Pro+ $40 (2,000); Pro Max $100 (5,000); Power $200 (10,000); overage $0.04/credit; model choice changes credit burn (Sonnet 4.6 ~1.3x Auto). GovCloud pricing ~20% higher with no free tier
The Register - AWS pricing for Kiro dev tool 'a wallet-wrecking tragedy' โ€” August 2025 pricing rollout drew heavy backlash amid a metering bug consuming 4-6x expected requests; AWS waived and refunded August charges and later restructured to the current credit tiers
highVerified: 2026-07-09
monitoring capabilities

Monitoring and usage governance assessment leveraging AWS console integration

Evidence
Kiro Documentation - IAM โ€” Admins assign and monitor subscriptions from the AWS Management Console; per-user credit usage dashboards and centralized billing through AWS accounts
mediumVerified: 2026-07-09
production readiness

Product maturity and vendor commitment assessment; GA status, succession positioning, and regulated-market investment all indicate durability

Evidence
Kiro Blog - General Availability โ€” GA since 2025-11-17 with AWS backing as the official successor to Amazon Q Developer (Q signups closed 2026-05-15, end-of-support 2027-04-30; newest Claude models Kiro-exclusive from 2026-05-29); GovCloud availability signals long-term enterprise commitment
highVerified: 2026-07-09
Strengths
  • +Spec-driven development (EARS requirements, design docs, task lists) is the most explainable and auditable agent workflow in the category
  • +Best-in-class enterprise identity: IAM Identity Center integration with centralized AWS console administration
  • +AWS GovCloud (US) availability (since 2026-02-16) with FedRAMP High/DoD CC SRG alignment in progress โ€” unique among agentic IDEs
  • +Disciplined security response: numbered AWS security bulletins (AWS-2025-019), prompt fixes (0.1.42, 0.6.18), researcher credit
  • +Enterprise/IdP users are automatically excluded from telemetry and content collection
  • +Strong vendor commitment as the official Amazon Q Developer successor, with GA team plans, CLI, and property-based spec testing
Limitations
  • !Real vulnerability history: AWS-2025-019 prompt-injection code execution and CVE-2026-0830 workspace-name RCE (both patched)
  • !Autopilot mode executes commands without per-step approval on the local machine, with no OS-level sandbox
  • !Free-tier/social-login defaults collect prompts and code content for service improvement unless opted out
  • !Credit consumption varies by task complexity and model choice; the August 2025 metering bug and pricing backlash damaged cost trust
  • !Cloud-only inference with no self-hosted option; Claude-only model lineup
  • !Spec-first workflow adds overhead for small tasks, and date reporting on its GA has been muddied by conflicting secondary sources (GA verified as 2025-11-17; a May 2026 GA date circulating in SEO articles conflates later Q Developer retirement milestones)
Metadata
license: Proprietary (built on Code OSS; Open VSX extension ecosystem)
supported models
0: Auto (default router)
1: Anthropic Claude Sonnet 4.5/4.6
2: Anthropic Claude Haiku 4.5
3: Anthropic Claude Opus 4.5/4.6/4.7 (newest Claude models Kiro-exclusive within AWS tooling from 2026-05-29)
programming languages
0: All languages supported by the VS Code ecosystem
deployment type: Local IDE (Code OSS fork) + CLI with cloud model inference; commercial AWS regions and AWS GovCloud (US-East/US-West)
tool support
0: Specs (requirements/design/tasks)
1: Agent hooks (event-triggered automations)
2: Steering files
3: MCP servers
4: Terminal CLI with custom agents
5: Checkpoints and property-based spec testing
first release: Public preview 2025-07-14 (waitlisted within a week due to demand, lifted Oct 2025); GA 2025-11-17. Note: some secondary sources claim a March 2026 startup beta or May 2026 GA โ€” primary sources (kiro.dev, AWS) date GA to 2025-11-17
pricing: Free 50 credits/mo; Pro $20/mo (1,000 credits); Pro+ $40/mo (2,000); Pro Max $100/mo (5,000); Power $200/mo (10,000); overage $0.04/credit; GovCloud ~20% premium, no free tier, IAM Identity Center required
company: Amazon Web Services; Kiro is the designated successor to Amazon Q Developer (Q signups blocked 2026-05-15, end-of-support 2027-04-30)
security incidents: AWS-2025-019 (2025-10-07): prompt-injection code execution without HITL confirmation, fixed in Kiro 0.1.42; CVE-2026-0830: command injection via workspace folder names in GitLab helper (RCE), fixed in 0.6.18; included in the Dec 2025 'IDEsaster' multi-vendor AI-IDE vulnerability research

Use Case Ratings

code generation

Spec-driven workflow excels on well-defined features and team codebases where design intent must be documented; vibe mode covers quick tasks

data analysis

Solid for building analysis pipelines with AWS service integration, though not an analytics tool itself

education

Specs teach requirements thinking and the free tier lowers the barrier, making it unusually good at showing how professional software gets planned

research assistant

MCP tools and steering help with technical research inside projects, but general research is outside its design focus