Tech
AWS CEO Matt Garman Wants to Reassert Amazon’s Cloud Dominance in the AI Era
You might think Amazon’s biggest swing in the AI race was its $8 billion investment in Anthropic. But AWS has also been building in-house foundation models, new chips, massive data centers, and agents meant to keep enterprise customers locked inside its ecosystem. The company believes these offerings will give it an edge as businesses of all shapes and sizes deploy AI in the real world.
WIRED sat down with AWS CEO Matt Garman ahead of the company’s annual re:Invent conference in Las Vegas to discuss his AI vision, and how he plans to extend Amazon’s lead in the cloud market over its fast-rising competitors, Microsoft and Google.
Garman is betting that AI is a service that AWS can deliver more cheaply and reliably than its rivals. Through Bedrock, Amazon’s platform for building AI apps, he says customers can access a variety of AI foundation models while keeping the familiar data controls, security layers, and reliability that AWS is known for. If that pitch holds up, it could help AWS dominate in the AI era.
“Two years ago, people were building AI applications. Now, people are building applications that have AI in them,” said Garman, arguing that AI is becoming a feature inside large products rather than a standalone experiment. “That’s the platform that we’ve built, and that’s where I think you see AWS really start to take the lead.”
Many of the announcements at this year’s re:Invent fall along these lines. Amazon unveiled new, cost-efficient AI models in its Nova series; agents that can work autonomously on software development and cybersecurity tasks; as well as a fresh offering, Forge, that lets enterprises cheaply train AI models on their own data.
The stakes are high for AWS to get this right. While Amazon’s cloud unit dominated the smartphone era, smaller rivals like Google Cloud and Microsoft Azure have grown at higher rates since the arrival of ChatGPT. Microsoft and Google have surged by tightly integrating with frontier AI models—the technology underlying ChatGPT and Gemini, respectively—attracting enterprises eager to experiment with cutting-edge capabilities.
This rise of AWS’s rivals has raised questions about Amazon’s broader AI strategy, and how the incumbent will fare in the years to come.
Garman says he’s been hearing these concerns for years, but less so in recent months. He argues that the tide is turning, pointing to AWS’s stronger-than-expected results in the company’s third quarter as evidence that his strategy is working.
Take it from me: Spending an hour with Melinda French Gates will restore at least an iota of your faith in humanity. The billionaire philanthropist, investor, and longtime advocate for women’s and girls’ rights is the rare example of an über-wealthy American who takes seriously the responsibility that their wealth confers.
In Gates’ case, she’s now channeling much of that responsibility—and billions of her own dollars—into Pivotal Ventures, a collective of organizations focused on advancing women’s interests in the US and around the world. Most recently, Pivotal announced $250 million in awards to women’s health organizations in 22 countries. Given the Trump administration’s ongoing assault on women’s interests, and diversity writ large, as well as the dystopian cuddle puddle taking place between tech industry leaders (Gates’ ex-husband, Bill, has been a part of that shift) and President Trump, it felt like a particularly salient moment to check in with Gates about, well, all of it.
From her own path through the masculine “debate club” of Big Tech to the billionaire boys who aren’t giving away the big bucks, I found myself pleasantly surprised, and even a little bit inspired, by Gates’ candor in discussing the very real challenges of this particular moment. So if you checked the news and felt even slightly infuriated this morning, keep reading. It helps to be reminded that not all billionaires are created equal—and that some of them are still pushing for more equality overall.
This interview has been edited for length and clarity.
KATIE DRUMMOND: Melinda French Gates, welcome to The Big Interview. Thank you so much for being here.
MELINDA FRENCH GATES: Thanks for having me, Katie.
So we always start these conversations with some rapid-fire questions. It’s a warmup. Get your brain working, get your muscles working. Are you ready?
I am ready.
OK, first thing you do when you wake up in the morning.
Get my coffee.
One tech product you wish you could invent for women’s health.
Self-controlled reproductive tool.
I want to hear more about that. What’s one myth about philanthropy you wish people would stop believing?
That it can solve everything.
One book everyone should read.
The Book of Awakening by Mark Nepo.
What’s a habit you refuse to give up?
Having a Coke, a real Coke over ice. I just had one.
The Coke with sugar. The real …
The use of “trusted” digital ID software to verify your identity online in the UK has taken on a statutory footing as of 1 December.
The measures contained in the Data (Use and Access) Act, which became law in June this year, have now taken effect, introducing a formal and legally backed set of standards and governance rules with which all certified providers of digital verification services (DVS) must conform.
The move is intended to provide the public with confidence when using certified digital identity apps, through a framework that shows suppliers are considered trustworthy.
The statutory regime is also likely to underpin the UK government’s plans for a national digital ID scheme, which was announced by prime minister Keir Starmer in September, and is due to go through a consultation phase early next year.
The statutory system formalises processes that have been in place on a trial basis for some time. Suppliers of DVS tools have to conform to the government’s Digital Identities and Attributes Framework (DIATF) and associated codes that add further specifications for use cases such as right to work or right to rent checks.
Once certified, suppliers are listed on a statutory register and will be able to use a trust mark to prove their conformance for potential users. So far, 48 DVS providers who have gained DIATF certification have applied to join the register.
“This regime of standards, governance and oversight helps to ensure the public can trust digital verification services offered under it in the UK,” said John Peart, CEO of the Office for Digital Identities and Attributes (OfDIA), which oversees the framework.
Critical time for digital identity
The move comes at a critical time for digital identity in the UK. Suppliers were blindsided by Starmer’s announcement of a national digital ID scheme that will be mandatory for right-to-work checks by 2029. Many in the sector believe such a national scheme undermines all the work and investment they have put in to developing apps and achieving conformance to the statutory regime.
Today (2 December 2025), representatives of DIATF-certified DVS providers are meeting with Darren Jones, Starmer’s chief secretary, who has taken on policy responsibility in the Cabinet Office for the digital ID plan.
Last week’s Autumn Budget revealed that government has put aside £1.8bn to develop the national scheme, which many suppliers say is a needless expense when they already provide apps that can deliver right-to-work checks and other services within the scope of the government proposals.
“[Government] is proposing to add £1.8bn of new costs to build a system that duplicates DVS,” said Adrian Field, director of market development at digital ID supplier OneID, writing on LinkedIn.
“Is this the best use of taxpayer funds? [The] private sector has proven that ID services can be delivered far more effectively and at far cheaper cost – why not use the efficient, effective services more?”
The meeting with Jones came about after industry representatives requested a formal collaboration on the government scheme.
The Association of Digital Verification Professionals wrote an open letter to Jones, to request a meeting to propose a cross-sector forum to “support clarity and alignment” on the digital identity scheme, noting that government messaging on its policy has made no mention of the DIATF regime.
“For over a decade, with cross-party support, the UK has developed the Digital Identity and Attribute Trust Framework – a voluntary model that protects individual rights, lets government regulate and allows industry to innovate,” the letter said.
“It is unclear whether the aim is a new national digital ID stored in certified private wallets, a single credential sitting solely in the Gov.uk Wallet accessed by certified DVS providers (the current plan), or something entirely different. Each variation represents a fundamentally different social and economic model. This uncertainty risks market stability, discourages investment and weakens trust across the entire digital ecosystem – not just government.”
An online petition opposing the introduction of digital ID in the UK has gathered almost three million signatures, and many DVS providers are privately outraged at the government’s proposals.
MPs on the Home Affairs Committee launched an inquiry in June 2025 into the introduction of new forms of digital ID. At a hearing last month, the MPs were warned that a mandatory digital ID could pave the way for greater mass surveillance and digital exclusion, and would fail to deliver Starmer’s suggested benefits of reducing illegal migration or preventing people from working illegally.
The concept of security awareness training is traditionally one of static procedures, including online training and tests, phishing simulations, and physical elements such as posters and displays.
This is all practical for compliance, but does this concept move with the times? In a world where AI is king, how does awareness training fit with this technology trend? As an example, delegates at KnowBe4’s recent user conference in London heard how the company’s more AI-driven direction is taking shape.
Increase in agents
CEO Bryan Palma predicts that AI would lead to an increase in the number of people and agents saying that “AI makes us more productive”, and with the number of agents being deployed in cyber security increasing. This could result in fewer people being employed; however, the attitude at KnowBe4 is to train the workforce regardless of whether they are man or machine.
“We don’t care as, ultimately, we’re going to prepare your organisation and your workforce to be trained correctly and be an advantage for you in the market,” he says. “Now it is probably 100% humans we train and zero agents, tomorrow it may be 60 humans and 65 agents – we’re not going to care.”
That movement towards agents, and supporting them as much as employees, is particularly forward-looking as the adoption of AI-based options increases. Palma claims that this adoption of support for agents is “about security culture, and that is really the outcome that we’re trying to build”.
He says: “The reality is that agents will be part of your security culture, and bots will be part of your world. If we turn the clock forward a few years, you will have multiple bots that work for you, and you’re going to tell them to do things, and they will work independently, and instead of managing only people, you’re going to need to manage bots as well.”
This move is all about culture, and agents have to be part of that culture “just as humans would be”, he explains.
Workforce trust management
Palma states that the company’s direction is towards the concept of “workforce trust management”, an extension of the original security awareness training and the more commonly used term “human risk management”.
He explains that workforce trust management considers autonomous security, which governs and trains both humans and AI agents, as the workforce will be diverse: “You need to protect them all, as each can be a vulnerability.”
The obvious question is how AI and automated functions are changing both workforce trust management and KnowBe4’s core awareness and training mission? Sitting with Palma, Computer Weekly had the opportunity to ask him about this move towards automation and if there was enough of a grasp of the roll-out of automated tasks in the way that KnowBe4’s technology works.
Palma says the company was thinking about it and developing around it, and then when he joined the firm, he realised both the impact of this from other things that he has done and the need to accelerate development.
“I’ve put more focus on it; I’m putting more investment behind it. I want to accelerate what we’re doing, but we have six agents in the market – we were already doing this, and it becomes critical because it just allows our system to run better,” he says.
Is there more demand from customers for that kind of automation in a workforce trust management offering? He explains that one of its agents creates a phishing landing page to save time for the IT and cyber security teams to build new versions of the phishing tests continually.
Donna Huggett, information security education and awareness manager at Belron – the parent organisation of Autoglass and Safelite – tells Computer Weekly that she uses KnowBe4 for phishing simulations. The AI-enabled technology “actually helps us massively cut down quite a huge chunk of work”, as time was previously spent on developing templates and choosing the right one to use, the options in the AIDA technology do the work for you.
She also said this determines the level of phishing message to be sent to an employee, for those who need to be challenged more and who will receive slightly harder emails. “And that’s all automated now, so that’s a massive help,” she says.
Paul Maxwell, cyber security engineer at retailer Poundland, says he primarily uses KnowBe4 for phishing simulation, and used 115 templates, but found that some were no longer working. This required new templates to be built, and it “was adding 35 hours a month” to his workload as users became savvier, and he needed to create new emails.
“I spent a good couple of hours at night, just thinking ‘That’s a good one, that’s going to catch people out’. With that kind of stuff, you can’t just go half measure, you’ve really got to try and catch them out,” he says. “Because if you don’t catch them out, you don’t help them learn.”
He explains that the most effective options were those that appeared to come from HR, such as clicking to claim annual leave, and finance and IT issues, including updating to Windows 11. However, the staff engagement has seen an increase in reported phishing attacks. While Maxwell admits that each alert takes time to investigate, he acknowledges that the platform has been really helpful.
“This is exactly what I need: firstly to help me move security forward in the business, but also to be able to take a step back and look at other areas I need to focus on,” he adds.
Automated agents
In terms of automated agents, Computer Weekly asked Palma if the intention was to add machine learning to enable the examples above, and if it could get to the level where it could replace the practitioner’s need to do awareness training by determining the right campaign for employees?
Palma explains that people are overlooking this link and are moving directly to AI, while the human link is vital; there is machine learning involved. “Everybody wants to think GenAI, everybody wants to think next generation: we’ve had lots of machine learning and regular vanilla AI for a long time, and that’s still very meaningful and that still does a lot of the work, but conceptually it will absolutely look and say, ‘Hey, these are the mistakes you’re making’, or ‘These are the mistakes the system is making’ and how you solve that.”
Palma says that the development of agents has increased over the past year, and he sees a future where “our email, our training, our compliance is all going to be in one single platform”, which will allow KnowBe4 to add in components and capabilities as it moves forward.
Different-sized businesses
Palma also discussed whether small- and medium-sized enterprises (SMEs) are more adaptable to a changing technology concept, compared to a large organisation that has been retrospectively building in security since the 1990s.
“I think the bigger organisations have more people, they have more process, they tend to move slower,” he says. “The smaller organisations are going to be very efficient – among many of our SMEs, they don’t have a CISO, and they don’t have an information security department.
“Now, if they have three or four agents that can help them around workforce trust, they’re going to be really happy about that. So, I think adoption at that part of the market is going to be faster and quicker.”
This move to offer automated technologies is one where the company can move with the times, but the question is how adaptive are the practitioners to this new form of technology to do this straightforward task? Creating phishing templates is time-consuming, and creating new emails takes time and effort, and we have not really begun considering the energy required to filter through the phishing simulation results.
It is interesting to see this adoption of the newer ways of working, and perhaps the next step will be for practitioners to go all in on an agentic approach. Being able to offload a cumbersome task and see the results without hours of extra work would surely be worth the effort.
Barcelona confirm Bonmatí out for five months after surgery
Sean Penn’s charge shakes the Academy as boss breaks silence
BYU’s Davis scores 18 in return from 2-game ban
-
Sports1 week agoWATCH: Ronaldo scores spectacular bicycle kick
-
Entertainment1 week agoWelcome to Derry’ episode 5 delivers shocking twist
-
Politics1 week agoWashington and Kyiv Stress Any Peace Deal Must Fully Respect Ukraine’s Sovereignty
-
Business1 week agoKey economic data and trends that will shape Rachel Reeves’ Budget
-
Tech2 days agoGet Your Steps In From Your Home Office With This Walking Pad—On Sale This Week
-
Politics1 week ago53,000 Sikhs vote in Ottawa Khalistan Referendum amid Carney-Modi trade talks scrutiny
-
Tech1 week agoWake Up—the Best Black Friday Mattress Sales Are Here
-
Entertainment2 days agoSadie Sink talks about the future of Max in ‘Stranger Things’