Article
AWS Summit Milano 2026 — My First Summit
Agentic AI, Kiro, API security with Satispay, Anthropic's roadmap, and a lot of things I didn't expect. A full recap of my day at Fiera Milano Rho.
Yesterday I attended my first AWS Summit ever. I'd been looking forward to it for weeks, and I can say without any exaggeration that it delivered way more than I expected, both in terms of content and in terms of just... the experience of being in a room full of people who care about the same things you do.
Here's what I saw
The Keynote
The keynote ran for a couple of hours and it was packed. A few things stood out immediately.
Amazon Quick got a lot of stage time — and for good reason. It's evolved into something genuinely useful for developers, going well beyond a simple code assistant. What struck me is how deeply it's being integrated into the entire AWS ecosystem, not just as a standalone tool.
Then there was Kiro, which was honestly one of the more exciting announcements of the morning. Similar to Cursor or Antigravity? Eh... yeah! It was still cool: a new AI-powered IDE built around spec-driven development. I'm curious to see where it goes.
AWS Transform Custom was another highlight — AWS's answer to technical debt at scale. The pitch is essentially: give us your legacy codebase and let us help you modernize it systematically, with AI doing a lot of the heavy lifting. It sounds almost too good to be true, but the demos were compelling. A real life example could be converting an entire codebase from C language to Rust language. With AWS Transform Custom, it is way faster.
And then two agent announcements that I'm still thinking about: AWS Security Agent and AWS DevOps Agent. Both are part of AWS's broader push into agentic AI — systems that don't just assist you but actually do things autonomously. The Security Agent in particular caught my attention. I loved it. It automatically identifies vulnerabilities and suggesting or applying fixes without you having to babysit it.
Anthropic Session
I'll be upfront: I walked into the Anthropic session already interested, and I walked out genuinely excited. Hearing directly from Anthropic about where Claude is heading — the research, the roadmap, the thinking behind some of the design decisions — was something else. This isn't the kind of thing you get from reading blog posts or release notes. It was so cool to hear an AI Engineer @ Anthropic.
API Security with AWS WAF — Satispay's Real-World Story
This session was excellent in a different way. Satispay, who handles financial transactions for millions of users, walked through how they use AWS WAF to protect their API layer in production.
No abstract theory here. They showed real attack patterns they've encountered, how they structured their WAF rules to deal with them, and the tradeoffs they made along the way. The examples of how to defend applications against common API threats — injection, abuse of authentication endpoints, rate limiting bypass — were the kind of thing you can actually take home and apply.
If you work on anything that exposes APIs to the public internet, this session would have been worth the trip alone.
Eliminating Technical Debt at Scale — AWS Transform Custom
Following up on the keynote announcement, this session went deeper on AWS Transform Custom. The core idea is using AI to systematically modernize legacy codebases — think old Java monoliths, outdated .NET applications, years of accumulated shortcuts — and migrate them to modern, cloud-native architectures.
What I found interesting was the emphasis on custom. This isn't a one-size-fits-all migration tool. It's designed to understand the specific context of your codebase and generate a migration path that makes sense for it. Whether that promise fully delivers in practice is something I'd want to test, but the approach is sound.
Data Protection with AWS Storage
This one was more infrastructure-focused but no less important. The session covered AWS's current storage landscape — S3, EBS, EFS and how they map to different data protection requirements — with a focus on encryption, access controls, replication, and backup strategies.
Nothing earth-shattering if you've been working with AWS for a while, but a solid and well-structured overview of best practices. The part about lifecycle policies and cost optimization within storage was a nice practical addition.
AWS European Sovereign Cloud
This was probably the most "business and compliance" session of the day, but I found it genuinely fascinating. AWS is building dedicated infrastructure within European legal jurisdictions — meaning data doesn't just physically stay in Europe, it stays legally in Europe, outside the reach of non-EU regulations.
For any company dealing with GDPR, the AI Act, or industry-specific regulations, this is a big deal. The session made a strong case that you don't have to choose between cutting-edge cloud capabilities and regulatory compliance — which, if it's true, removes one of the last major objections enterprises have had to full cloud adoption.
The Rest of It
Beyond the sessions, the expo floor was worth exploring. Lots of partners showing real integrations and use cases, some genuinely interesting demos, and the kind of impromptu conversations you only get at events like this — talking to someone for fifteen minutes and walking away with three new ideas you hadn't considered before.
The networking during breaks was probably underrated by me going in. I ended up talking to developers, architects, and students at various stages of their careers. Everyone was there because they actually wanted to be there, which makes a difference.
Final Thoughts
I went in not knowing exactly what to expect. I came out with a clearer picture of where AWS is heading, a much better understanding of how companies like Satispay handle security at scale, genuine excitement about what Anthropic is building, and a long list of things to go read more about.
If you're on the fence about going next year — just go. It's free, the content is legitimately good, and there's something about spending a full day immersed in this stuff, surrounded by people who care about it, that no amount of YouTube videos or blog posts can replicate.
See you there in 2027.