By AWS just announced Kiro, an AI coding agent that claims to work autonomously for days at a time. At re:Invent in December 2025, Amazon unveiled three “frontier agents” designed to shift development from AI-assisted coding to truly autonomous programming. Before you hand your codebase to an AI that runs unsupervised for 48 hours, here’s what the research actually says about productivity.
What “Autonomous for Days” Actually Means
Kiro is part of AWS’s frontier agents lineup—a new class of AI that handles coding tasks independently for extended periods. You assign work by adding a “kiro” label to GitHub issues, and it gets to work: writing code across multiple repositories, running tests, and creating pull requests. It can juggle up to 10 concurrent tasks and maintains persistent context across sessions, learning from your team’s feedback over time.
Here’s the critical detail AWS downplays: Kiro creates pull requests but never auto-merges them. “Autonomous” doesn’t mean unsupervised—it means you’re not babysitting every line of code, but you’re absolutely reviewing the output before it hits production. This isn’t a replacement developer; it’s a developer that works while you sleep, then asks for approval in the morning.
The Productivity Paradox Nobody Talks About
AWS’s pitch hinges on productivity gains. The problem? Independent research tells a different story.
A July 2025 study from METR recruited 16 experienced developers to work on 246 real issues from large open-source repositories. When developers used AI tools like Cursor Pro with Claude, they completed tasks 19% slower than working without AI. Yet these same developers estimated they were 20% faster when using AI tools.
The perception-reality gap is stunning. Developers feel faster because AI generates code quickly, but they’re actually slower when you measure total time to completion. Why? Because they’re spending cycles checking AI output, debugging hallucinations, and fixing security issues the AI introduced.
Contrast this with vendor-funded research from GitHub, Google, and Microsoft claiming 20-55% productivity improvements. The discrepancy reveals a measurement problem: vendor studies often measure “time to first working code” while ignoring time spent on review, debugging, and fixing AI mistakes.
The Security Crisis Accelerating Beneath the Surface
Speed isn’t the only concern. Veracode’s 2025 analysis of over 100 LLMs across 80 real-world coding tasks found that AI introduces security vulnerabilities in 45% of cases. Even top-performing models only produce secure and correct code 56% of the time without explicit security prompting.
Cross-site scripting vulnerabilities? AI coding tools fail to generate secure code 86% of the time. The problem runs deeper than individual bugs: AI agents default to outdated security practices because they’re trained on historical code. They suggest key-based authentication when identity-based approaches are standard. They ignore zero-trust architectures because the training data predates those patterns.
The industry is entering a dangerous phase where code reaches production faster than security teams can examine it. Kiro can work for days unsupervised, but someone still needs to audit days worth of code for vulnerabilities before merging. The productivity gain disappears when you account for security review time.
How This Compares to GitHub Copilot
GitHub Copilot evolved significantly in 2025, now offering three modes: Ask (conversational help), Edit (targeted changes), and Agent (multi-step tasks). Copilot’s coding agent spins up a secure GitHub Actions environment, works on its own branch, and opens pull requests for review—similar to Kiro’s approach.
The difference is architectural. Copilot focuses on single-task completion within your IDE. Kiro aims for multi-day, multi-repository work using a specification-driven approach with requirements files, design documents, and task checklists. Copilot wins on enterprise trust with IP indemnity and SOC 2 compliance. Kiro bets on AWS ecosystem integration and persistent context.
Both require human review. Neither auto-merges. If you’re evaluating tools, the choice depends less on capabilities—which are converging—and more on which ecosystem you’re already invested in.
What This Means for Developers
The developer role is transforming, not disappearing. By 2026, experts predict AI will generate 90% of code. That doesn’t eliminate programming jobs—it changes what those jobs entail. Developers become system designers who plan architectures, AI orchestrators who manage agent outputs, and quality guardians who ensure security and maintainability.
Junior developers face the biggest shift. When AI handles routine coding tasks, entry-level roles evolve from writing code to reviewing it. That creates a code review bottleneck: junior developers using AI produce more code, which senior developers must review more carefully to catch security issues and logical errors.
But AI still can’t handle product thinking, cross-service coordination, or nuanced debugging. You still need sharp engineers to step in when the autonomous agent inevitably gets stuck.
The Bottom Line
Kiro represents real technological progress. AI agents that maintain context across days and learn from feedback are legitimately useful for low-to-medium complexity tasks in well-tested codebases. But “autonomous for days” doesn’t mean you can hand it your production system and walk away.
The productivity paradox—thinking you’re faster while actually being slower—suggests we’re optimizing for the wrong metrics. The security vulnerabilities in 45% of AI-generated code suggest we’re deploying faster than we’re securing. And the persistent need for human review suggests “autonomous” is marketing language, not technical reality.
Worth watching? Absolutely. Worth betting your career on? Not yet. The technology needs to close the gap between perception and reality, between speed and security, between autonomous and unsupervised.
