AWS made Graviton5-powered M9g and M9gd instances generally available on June 10. The headline number is 192 ARM cores — double Graviton4’s 96 — but the figure that matters more for security-conscious teams is 330,000: the lines of machine-checked proof that AWS used to mathematically verify VM isolation for the first time in commercial cloud history.
The Performance Numbers Hold Up
AWS’s official claims are aggressive: 25% better compute performance, 35% faster web apps, 35% faster ML inference, and 30% faster databases versus M8g. Preview customers validated them. ClickHouse saw a 36% performance boost with zero code changes. HubSpot’s MySQL query durations dropped by up to 60%. Honeycomb measured 36% better throughput per core across a six-month A/B test on production observability workloads.
The pricing math is straightforward: M9g on-demand runs 9% more than M8g, but delivers roughly 15% better price-performance. You pay a small premium to get a meaningful gain. For most general-purpose workloads already on Graviton, this is a clear upgrade.
What Actually Changed in the Hardware
The jump from Graviton4 to Graviton5 is not incremental. The processor moves from Armv9.0 to Armv9.2-A (Arm Neoverse V3 cores), shrinks to a 3nm TSMC process, and nearly doubles core count. The L3 cache grows from roughly 36MB to 180–192MB — five times larger — which is the biggest single-chip cache in any cloud VM today. Memory steps up to DDR5-8800, the fastest available in the cloud, and PCIe jumps to Gen 6.
For storage-heavy workloads, the M9gd variant offers up to 11.4 TB of NVMe SSD with 30% higher IOPS than its predecessor. Network bandwidth increases 15% on average, with the largest instance sizes getting double the throughput.
The Security Story Nobody Is Talking About
The most significant Graviton5 story is not the core count. AWS shipped the Nitro Isolation Engine — a small Rust component that sits beneath the Nitro Hypervisor and intercepts every operation that touches guest VM state. Before any hypervisor action reaches your VM’s memory, the Isolation Engine checks it.
The verification is mathematical. AWS published 330,000 lines of machine-checked proofs in Isabelle/HOL establishing confidentiality and integrity: your VM’s data cannot be read or modified by unauthorized entities. The New Stack framed it well: AWS can now mathematically prove your VMs are isolated. This is the first formally verified hypervisor deployed in a production commercial cloud — not a research project, not a government system. It ships as an always-on feature for every Graviton5 user.
For teams running regulated workloads — fintech, healthcare, multi-tenant AI inference — this is a categorically different level of assurance than an audit or penetration test provides.
Built for Agentic AI, Not Just VMs
AWS’s positioning is deliberate. Graviton5 is purpose-built for agentic AI workloads — real-time reasoning, code generation, and multi-step task orchestration — where processors must handle large numbers of concurrent environments and keep GPU and TPU accelerators fed rather than stalled. The M9g instance page reflects this: agentic AI appears first in the use-case list, ahead of microservices and containerized applications.
Azure is playing the same hand. Cobalt 200 launched at Build 2026 with 132 ARM cores and a 50% performance gain over Cobalt 100. ARM is no longer winning only on power efficiency — it is winning on raw throughput for the workloads that define 2026.
Who Should Switch Now
If you are already on Graviton4 and running Linux workloads in US-East, US-West, or EU-Frankfurt, the migration is low-friction. Python, Node.js, Ruby, Java, and Go code is architecture-agnostic at the source level, and because Graviton4 and Graviton5 are both ARM64, most workloads move without recompilation. Validate that your observability agents (Datadog, Splunk, and similar) have ARM64 builds, check your Savings Plans coverage, and run a short Spot test before committing reserved capacity.
If you are on x86 (Intel or AMD M-series), the calculus is different. ARM64 is not a drop-in replacement — test your full dependency tree first. Windows workloads stay on x86 for now; M9g is Linux-only.
Two groups should wait: anyone in regions not yet served (Singapore is still on Graviton4 in limited availability) and anyone running workloads with native binaries that have not been tested on ARM64. The AWS GA announcement has the full migration checklist. The performance gains are real, but they do not arrive automatically.
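One way to start the dependency-tree check described above, as an added example that is not AWS tooling or part of the original article: it reads the `e_machine` field of every ELF header under a directory and lists native modules that were not built for aarch64. The file names and the 20-byte sample headers are constructed for illustration.

```python
import os
import struct
import tempfile

EM_X86_64, EM_AARCH64 = 62, 183  # e_machine values from the ELF specification
MACHINES = {3: "x86", 40: "arm", EM_X86_64: "x86_64", EM_AARCH64: "aarch64"}

def elf_machine(path):
    """Return the architecture of an ELF file, or None if the file is not ELF."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(20)
    except OSError:
        return None
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (machine,) = struct.unpack_from(endian + "H", header, 18)
    return MACHINES.get(machine, f"unknown({machine})")

def audit_tree(root):
    """Return {relative_path: arch} for every ELF file under root that is not aarch64."""
    blockers = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            arch = elf_machine(full)
            if arch is not None and arch != "aarch64":
                blockers[os.path.relpath(full, root)] = arch
    return blockers

def build_sample_tree(root):
    """Constructed sample: 20-byte ELF headers standing in for real native modules."""
    def fake_elf(machine):  # e_ident (16 bytes), e_type = ET_DYN, e_machine
        return b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack("<HH", 3, machine)
    samples = {"pkg/_speedups.so": fake_elf(EM_X86_64),
               "pkg/_native_arm.so": fake_elf(EM_AARCH64),
               "pkg/module.py": b"print('pure python')\n"}
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, arch in sorted(audit_tree(tmp).items()):
            print(f"{rel}: built for {arch}, no arm64 build present")
```

Point `audit_tree` at a deployed virtualenv, `node_modules` directory, or unpacked container layer to find bundled native extensions that block an x86-to-ARM64 move.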













