What’s Happening
AWS’s New York Summit 2026 featured a string of customer-led sessions that collectively painted a clear picture of how generative AI is reshaping the software development lifecycle from end to end. Three organizations, Net Smart (healthcare IT), Avis Budget Group (global car rental and travel), and Virgin Australia (aviation), shared how they are deploying tools including Amazon Kiro, AWS Transform, Amazon Bedrock Agent Core, and Amazon Connect to drive measurable productivity gains, accelerate modernization, and build composable agentic AI ecosystems. The throughline across all three stories: AI is no longer a feature bolt-on. It is becoming the operating system for how software gets planned, built, tested, shipped, and run.
The Bigger Picture
AI Is Moving Up the Value Chain in the SDLC
The most significant signal from this event is not that developers are using AI to write code faster. That story is already well documented. The more consequential shift is that AI is now compressing time and effort across phases of the SDLC that have historically been neglected: requirements specification, peer code review, dependency modernization, compliance testing, and incident response.
Net Smart quantified this shift in concrete terms. The teams saw an 80% reduction in time to develop software using custom agents, a 64% reduction in peer code review time across 25 to 30 teams, and a 66% reduction in incident response time using Kiro-assisted agents before Amazon’s DevOps Agent was even generally available. A year-long Angular modernization project was completed by a single engineer in three months. A five-month project finished in one. These are not rounding errors; they represent a fundamental reallocation of engineering capacity.
The Amazon Stores perspective added useful quantitative framing. Their internal analysis found that less than 30% of developer time is actually spent developing. Seventy percent sits in adjacent activities: design, review, deployment coordination, maintenance. That breakdown is consistent with a decade of analyst tracking. What’s changed is the acceleration of the coding phase itself. As one executive noted in conversation, developer time spent writing code has dropped from roughly one-third to closer to 20% as AI handles more generation work. The bottleneck has moved. It is now sitting squarely in requirements, testing, and governance workflows, and that is where the next wave of productivity investment is heading.
ECI Research’s 2025 Application Development survey found that 83.8% of respondents use code scan tools during CI/CD processes, reflecting strong pipeline automation maturity. But pipeline security is only one layer of the SDLC. The customer stories at this event illustrate that the adjacent layers, from specification through review through operations, are now the active frontier. Organizations that only automate code scanning while leaving review, documentation, and incident response to manual processes are leaving significant efficiency gains unrealized.
What This Means for ITDMs
For IT decision-makers, the economic case for agentic AI in development is becoming easier to model and harder to ignore. The Net Smart examples provide a rough blueprint: a large portfolio of legacy applications, an engineering team under competitive pressure, and a clear reduction in the cost of routine modernization work. The framework is migrate-and-modernize, apply AI to the highest-toil phases first, then extend the flywheel consistently across teams.
The Avis Budget Group story adds a complementary lesson on sequencing. Their five-phase Amazon Connect migration deliberately separated infrastructure migration from AI feature adoption. “Migrate first, modernize second” is a principle worth borrowing. The temptation to introduce AI capabilities during a migration compounds risk. Avis ran parallel systems during cutover, stabilized the foundation first, and is now in a position to layer in Amazon Nova Sonic, Bedrock-based knowledge bases, and generative IVR features from a stable operational baseline.
The governance and compliance dimension is not optional. EU Cyber Resilience Act requirements for application compliance kick in by December 2027, with reporting obligations beginning September 2025. Knowledge workers building applications with natural language tooling, without embedded guardrails, create real legal and regulatory exposure. Multiple speakers at this event acknowledged that the answer is not to slow down AI adoption, but to embed compliance requirements at the specification stage rather than as a late-gate review. As the Amazon Stores perspective framed it: if accessibility or security requirements are baked into the specification from day one, the guardrail at the end of the pipeline should confirm compliance rather than discover a defect.
What This Means for Developers
The spec-driven development model that Amazon Stores has adopted deserves serious attention from engineering leaders. The pattern works as follows: use AI to reverse-engineer legacy codebases into human-readable specifications, use those specifications as the authoritative source for future migrations and feature development, and validate AI-generated implementations against the original specification in a closed loop. The result is a process that is repeatable across technology stacks, accessible to non-technical stakeholders, and auditable.
This is not a trivial workflow change. Developers accustomed to treating AI tools as intelligent autocomplete will need to reframe their mental model. The productivity gains come not from typing less code but from investing upfront in a precise, reasoned specification and then using AI to implement against it reliably. Organizations that skip the specification step and reach for rapid code generation will get inconsistent results. Those that build the discipline will find that the same specification can support migrations from Java to Python, from monolith to microservices, or from on-premises to cloud, without having to rediscover the system’s intent each time.
Virgin Australia’s architecture is the most ambitious proof point from this event. In 16 weeks, their team took all major components of Bedrock Agent Core to production, built a unified AI ecosystem with six agents and over 30 MCP tools, launched flight shopping in ChatGPT (one of three airlines globally to do so), and stood up a near-real-time geopolitical intelligence briefing tool for executive leadership that went from idea to production in under two days. The architecture is deliberately modular: channels, a gateway layer, sub-agents, connectors, and a shared observability and evaluation plane. Teams and vendors own their own integration complexity. The central platform sets interface standards and resolves non-functional concerns, like guardrails and identity, once across all agents rather than once per tool.
ECI Research’s 2025 AI Builder Summit survey found that two-thirds of enterprise AI leaders have already implemented multi-agent collaboration in live or pilot workflows. Virgin Australia’s production deployment validates that finding and shows what a mature multi-agent architecture actually looks like in a customer-facing, regulated industry. The 16-week timeline is fast for any enterprise, but Virgin’s CEO-sponsored governance framework, which triaged use cases into risk categories aligned to each of 12 compliance teams upfront, explains much of the speed. The first connector took the longest. Subsequent ones were a fraction of the time because the shared control layer was already signed off.
What’s Next
The Bottleneck Will Keep Moving
The Amazon Stores observation that AI is shifting the bottleneck from coding to adjacent phases is a structural trend, not a temporary artifact of early adoption. As code generation matures, organizations will face increasing pressure to automate peer review, compliance validation, environment consistency checks, and operational feedback loops. ECI Research finds that 92% of organizations report that AI capabilities are now integrated into at least one stage of their software delivery lifecycle, a sharp increase from 71% in early 2024. The next 12 to 24 months will be defined by how quickly that integration extends from one stage to all stages.
The Governance Imperative Will Intensify
Agentic AI in the SDLC raises governance stakes that current tooling has not fully addressed. The EU Cyber Resilience Act is one forcing function. The proliferation of knowledge workers building production workloads is another. Organizations that treat compliance as a late-pipeline gate will find those gates overwhelmed as deployment velocity increases. The emerging best practice, visible across all three customer stories at this event, is to encode compliance, security, and data governance requirements into specifications and templates at the start of the development process, not at the end. Vendors that make this encoding easy and auditable will have a significant advantage in the enterprise market over the next two years.
Stay Ahead of Application Development Trends
Get weekly analyst insights, research notes, event coverage, and AppDevANGLE updates delivered directly to your inbox.
Subscribe for Weekly Insights
Join technology leaders, practitioners, and GTM teams following the trends shaping modern software delivery.
Looking for deeper research access?
Explore ECI Research reports, survey insights, and market analysis through the ECI Research Portal.
