[{"data":1,"prerenderedAt":586},["ShallowReactive",2],{"blog-is-safe/amazon-q":3},{"id":4,"title":5,"body":6,"category":559,"date":560,"dateModified":560,"description":561,"draft":562,"extension":563,"faq":564,"featured":562,"headerVariant":570,"image":571,"keywords":572,"meta":573,"navigation":574,"ogDescription":575,"ogTitle":571,"path":576,"readTime":577,"schemaOrg":578,"schemaType":579,"seo":580,"sitemap":581,"stem":582,"tags":583,"twitterCard":584,"__hash__":585},"blog/blog/is-safe/amazon-q.md","Is Amazon Q Developer Safe? Security Review (2026)",{"type":7,"value":8,"toc":547},"minimark",[9,13,19,24,27,30,47,50,54,101,105,108,193,196,202,224,228,231,234,254,257,271,274,283,287,290,297,300,318,327,336,340,437,440,444,447,479,482,516,535],[10,11,12],"p",{},"Amazon Q Developer launched at AWS re:Invent in November 2023, replacing CodeWhisperer as Amazon's primary AI coding tool. It's free for individuals and $19/user/month for Professional. If you're building on AWS, you've probably tried it or been told to. Here's the honest security picture.",[14,15,16],"tldr",{},[10,17,18],{},"Amazon Q Developer is one of the safer AI coding tools: the Professional tier never uses your code for training, built-in security scanning catches OWASP Top 10 issues, and it runs on AWS's own audited infrastructure. The Individual (free) tier is also reasonably private since Amazon updated its data policy in late 2023. The risk isn't Q itself. It's the code Q generates. Always scan before shipping.",[20,21,23],"h2",{"id":22},"what-is-amazon-q-developer","What is Amazon Q Developer?",[10,25,26],{},"Amazon Q Developer is AWS's AI coding assistant. It replaced CodeWhisperer in 2023 and added agentic capabilities: it can write multi-file changes, fix bugs across a codebase, and generate unit tests automatically. 
It integrates with VS Code, JetBrains IDEs, the AWS Console, and AWS Cloud9.",[10,28,29],{},"Two separate questions matter here:",[31,32,33,41],"ol",{},[34,35,36,40],"li",{},[37,38,39],"strong",{},"Is the tool itself secure?"," Where does your code go, who sees it, is it used for training?",[34,42,43,46],{},[37,44,45],{},"Is the code it generates safe?"," Can you ship what Q produces without a security review?",[10,48,49],{},"The answer to question 1 is mostly yes. The answer to question 2 is: not without checking.",[20,51,53],{"id":52},"our-verdict","Our Verdict",[55,56,57,62,80,84],"pros-cons",{},[58,59,61],"h4",{"id":60},"whats-good","What's Good",[63,64,65,68,71,74,77],"ul",{},[34,66,67],{},"Professional tier never trains on your code",[34,69,70],{},"Built-in OWASP security scanning (no extra tool needed)",[34,72,73],{},"Runs on AWS's own infrastructure (SOC 2 Type II, ISO 27001, FedRAMP High)",[34,75,76],{},"Strong IAM-based enterprise controls",[34,78,79],{},"Free Individual tier with updated privacy policy since 2023",[58,81,83],{"id":82},"what-to-watch","What to Watch",[63,85,86,89,92,95,98],{},[34,87,88],{},"Code is still sent to AWS servers for every completion",[34,90,91],{},"Individual tier: 50 security scans/month cap",[34,93,94],{},"AI-generated AWS SDK code can expose IAM credentials if accepted uncritically",[34,96,97],{},"Security scanning doesn't catch business logic flaws",[34,99,100],{},"Amazon Q agent features send broader code context than basic autocomplete",[20,102,104],{"id":103},"privacy-and-data-handling","Privacy and Data Handling",[10,106,107],{},"This is the part that matters most to most teams. 
Here's the actual breakdown:",[109,110,111,126],"table",{},[112,113,114],"thead",{},[115,116,117,120,123],"tr",{},[118,119],"th",{},[118,121,122],{},"Individual (Free)",[118,124,125],{},"Professional ($19/user/month)",[127,128,129,141,151,162,172,183],"tbody",{},[115,130,131,135,138],{},[132,133,134],"td",{},"Code used for training",[132,136,137],{},"No (opt-in only, since 2023)",[132,139,140],{},"Never",[115,142,143,146,149],{},[132,144,145],{},"Code sent to AWS for completions",[132,147,148],{},"Yes",[132,150,148],{},[115,152,153,156,159],{},[132,154,155],{},"Admin controls",[132,157,158],{},"None",[132,160,161],{},"Full",[115,163,164,167,170],{},[132,165,166],{},"SSO / SCIM",[132,168,169],{},"No",[132,171,148],{},[115,173,174,177,180],{},[132,175,176],{},"Security scans/month",[132,178,179],{},"50",[132,181,182],{},"500",[115,184,185,188,190],{},[132,186,187],{},"Agentic task runs/month",[132,189,179],{},[132,191,192],{},"Unlimited",[10,194,195],{},"Amazon updated the Individual tier policy in late 2023. Before that, code was used for model training by default. Now it isn't, unless you explicitly opt in. The Professional tier has always had a hard \"never\" on training.",[10,197,198,201],{},[37,199,200],{},"What does \"code sent to AWS servers\" mean in practice?"," When Q generates a suggestion, it sends your open files and cursor context to Amazon's backend (running on Amazon Bedrock). That data is processed in-memory for the completion and not stored long-term. For most apps, this is fine. For code with hardcoded secrets, it's a problem (though Q's secret detection should flag those before they reach the backend anyway).",[203,204,205],"warning-box",{},[10,206,207,210,211,215,216,219,220,223],{},[37,208,209],{},"Agentic mode sends more."," When you use Q's agent features (multi-file edits, ",[212,213,214],"code",{},"/dev"," tasks), it reads a broader slice of your codebase to plan changes. 
If your repo contains ",[212,217,218],{},".env"," files, AWS credentials in config files, or other secrets, make sure those are in ",[212,221,222],{},".gitignore"," and excluded from Q's workspace scan.",[20,225,227],{"id":226},"built-in-security-scanning","Built-in Security Scanning",[10,229,230],{},"Amazon Q's security scanning is its biggest differentiator. It's powered by Amazon CodeGuru Security, which runs over 1,100 detectors from the CWE (Common Weakness Enumeration) database.",[10,232,233],{},"What it catches:",[63,235,236,239,242,245,248,251],{},[34,237,238],{},"Hardcoded credentials and API keys (including AWS access keys)",[34,240,241],{},"SQL injection",[34,243,244],{},"Cross-site scripting (XSS)",[34,246,247],{},"Path traversal",[34,249,250],{},"Insecure cryptography (MD5, SHA-1 for passwords)",[34,252,253],{},"OWASP Top 10 vulnerabilities",[10,255,256],{},"What it misses:",[63,258,259,262,265,268],{},[34,260,261],{},"Business logic flaws",[34,263,264],{},"Context-specific authorization gaps (e.g., missing ownership checks)",[34,266,267],{},"Infrastructure misconfigurations (use AWS Security Hub for those)",[34,269,270],{},"Runtime vulnerabilities that only appear under specific conditions",[10,272,273],{},"The Individual tier caps at 50 scans/month. For most small projects that's enough. Professional gives you 500/month and supports full project scans (not just individual files).",[275,276,277],"tip-box",{},[10,278,279,282],{},[37,280,281],{},"Run a project-wide scan before deploying."," Q's file-by-file scanning during development catches issues as you write. 
The full project scan before shipping catches patterns that only appear when you look at the whole codebase, like an API route that lacks auth because the middleware that protects it was defined in a file Q hadn't seen.",[20,284,286],{"id":285},"the-real-risk-ai-generated-aws-code","The Real Risk: AI-Generated AWS Code",[10,288,289],{},"Amazon Q excels at AWS-specific code: Lambda functions, IAM policies, CloudFormation templates, DynamoDB queries. That's also where the biggest security gaps tend to appear.",[10,291,292,293,296],{},"CheckYourVibe's scanner finds AWS access keys (pattern: ",[212,294,295],{},"AKIA[0-9A-Z]{16}",") in frontend JavaScript in roughly 12% of AI-built apps that use AWS SDK patterns. The typical cause: the developer asked Q to \"add S3 upload functionality,\" Q generated working code using hardcoded credentials, and the developer shipped it without swapping in environment variables.",[10,298,299],{},"This isn't Q's fault. It's a pattern-completion tool that produces what seems most likely based on context. If your codebase has credentials scattered in config files, Q's suggestions will reflect that. The fix is the same regardless of which AI tool you use:",[301,302,304],"step",{"number":303},"1",[10,305,306,309,310,313,314,317],{},[37,307,308],{},"Never accept Q's credential suggestions literally."," When Q suggests ",[212,311,312],{},"new S3Client({ accessKeyId: \"AKIA...\", secretAccessKey: \"...\" })",", that's a placeholder pattern. Replace with ",[212,315,316],{},"process.env.AWS_ACCESS_KEY_ID"," before committing.",[301,319,321],{"number":320},"2",[10,322,323,326],{},[37,324,325],{},"Use IAM roles, not access keys, for services running on AWS."," Lambda, EC2, ECS, and Elastic Beanstalk can all assume IAM roles. 
Q knows this and will suggest it if you prompt correctly: \"write S3 upload code that uses IAM role-based auth, no hardcoded credentials.\"",[301,328,330],{"number":329},"3",[10,331,332,335],{},[37,333,334],{},"Run CheckYourVibe before shipping."," Q's built-in scan catches many issues, but it's checking within the IDE context. An independent scan after you've integrated everything catches patterns that span files.",[20,337,339],{"id":338},"amazon-q-vs-competitors","Amazon Q vs Competitors",[109,341,342,357],{},[112,343,344],{},[115,345,346,348,351,354],{},[118,347],{},[118,349,350],{},"Amazon Q Developer",[118,352,353],{},"GitHub Copilot",[118,355,356],{},"Cursor",[127,358,359,371,385,399,412,424],{},[115,360,361,364,367,369],{},[132,362,363],{},"Built-in security scanning",[132,365,366],{},"Yes (1,100+ detectors)",[132,368,169],{},[132,370,169],{},[115,372,373,376,379,382],{},[132,374,375],{},"Training data opt-out",[132,377,378],{},"Individual: yes; Pro: never",[132,380,381],{},"Requires Business/Enterprise",[132,383,384],{},"Privacy mode available",[115,386,387,390,393,396],{},[132,388,389],{},"Enterprise admin controls",[132,391,392],{},"Strong (IAM)",[132,394,395],{},"Good (GitHub Org)",[132,397,398],{},"Basic",[115,400,401,404,407,410],{},[132,402,403],{},"AWS-specific suggestions",[132,405,406],{},"Excellent",[132,408,409],{},"Good",[132,411,409],{},[115,413,414,417,419,421],{},[132,415,416],{},"Free tier",[132,418,148],{},[132,420,169],{},[132,422,423],{},"Limited",[115,425,426,429,432,435],{},[132,427,428],{},"Agentic features",[132,430,431],{},"Yes (/dev tasks)",[132,433,434],{},"Yes (Copilot Workspace)",[132,436,148],{},[10,438,439],{},"If your stack is AWS-heavy and you don't run separate SAST tooling, Amazon Q's built-in scanner gives it a clear edge. 
If you're on a mixed stack or GitHub-native workflow, Copilot's ecosystem integration may matter more.",[20,441,443],{"id":442},"compliance-and-certifications","Compliance and Certifications",[10,445,446],{},"Amazon Q Developer inherits AWS's compliance posture:",[63,448,449,455,461,467,473],{},[34,450,451,454],{},[37,452,453],{},"SOC 2 Type II",": security, availability, confidentiality",[34,456,457,460],{},[37,458,459],{},"ISO 27001",": information security management",[34,462,463,466],{},[37,464,465],{},"FedRAMP High"," (Q runs on Bedrock, which holds this authorization)",[34,468,469,472],{},[37,470,471],{},"HIPAA eligible"," for Professional tier deployments",[34,474,475,478],{},[37,476,477],{},"GDPR",": AWS Data Processing Agreement available",[10,480,481],{},"For most startups, these certifications aren't the day-to-day concern. They matter when enterprise customers or regulated industries do vendor security reviews.",[483,484,485,492,498,504,510],"faq-section",{},[486,487,489],"faq-item",{"question":488},"Is Amazon Q Developer safe to use?",[10,490,491],{},"Yes, with caveats. The Professional tier ($19/user/month) never uses your code for training and gives you admin controls. The Individual (free) tier has improved privacy since 2023 but still sends code context to AWS servers for completions. The bigger risk is the code Q generates. Always scan it before deploying.",[486,493,495],{"question":494},"Does Amazon Q use my code to train its AI?",[10,496,497],{},"For the Professional tier: no. Amazon explicitly states that customer code is never used to train foundation models. 
For the Individual tier: Amazon updated its policy in late 2023 so your code is not used for training unless you opt in.",[486,499,501],{"question":500},"What security vulnerabilities does Amazon Q detect?",[10,502,503],{},"Amazon Q's built-in scanner (powered by Amazon CodeGuru Security) detects OWASP Top 10 issues, hardcoded credentials, SQL injection, XSS, insecure cryptography, and over 1,100 patterns from the CWE database. Individual tier gets 50 scans/month; Professional gets 500/month.",[486,505,507],{"question":506},"Is Amazon Q better than GitHub Copilot for security?",[10,508,509],{},"Amazon Q has a built-in security scanner that Copilot lacks. That's a real advantage if your team doesn't run separate SAST tools. For AWS-heavy projects (Lambda, CloudFormation, IAM policies), Q's suggestions tend to be more accurate. Copilot edges ahead on general-purpose languages and IDE integration depth.",[486,511,513],{"question":512},"Can Amazon Q generate insecure code?",[10,514,515],{},"Yes. Like any AI coding tool, Q can produce code with hardcoded secrets, missing input validation, or flawed auth patterns. CheckYourVibe's scanner finds AWS access keys (AKIA... prefix) in frontend JavaScript in roughly 12% of AI-built apps that use AWS SDK patterns, often from blindly accepting AI suggestions. 
Run a scan before you ship.",[517,518,519,525,530],"related-articles",{},[520,521],"related-card",{"description":522,"href":523,"title":524},"Security review of Q's predecessor: still relevant if you're on the legacy tool","/blog/is-safe/codewhisperer","Is Amazon CodeWhisperer Safe?",[520,526],{"description":527,"href":528,"title":529},"How Q's biggest competitor handles privacy, training data, and security scanning","/blog/is-safe/copilot","Is GitHub Copilot Safe?",[520,531],{"description":532,"href":533,"title":534},"Side-by-side comparison of features, pricing, and security controls","/blog/comparisons/copilot-vs-codewhisperer","Copilot vs CodeWhisperer (Amazon Q)",[536,537,540,544],"cta-box",{"href":538,"label":539},"/","Start Free Scan",[20,541,543],{"id":542},"using-amazon-q-to-build-your-app","Using Amazon Q to Build Your App?",[10,545,546],{},"Scan your project for issues Q's scanner misses: exposed AWS credentials in frontend code, missing auth on API routes, and business logic gaps.",{"title":548,"searchDepth":549,"depth":549,"links":550},"",2,[551,552,553,554,555,556,557,558],{"id":22,"depth":549,"text":23},{"id":52,"depth":549,"text":53},{"id":103,"depth":549,"text":104},{"id":226,"depth":549,"text":227},{"id":285,"depth":549,"text":286},{"id":338,"depth":549,"text":339},{"id":442,"depth":549,"text":443},{"id":542,"depth":549,"text":543},"is-safe","2026-06-20","Is Amazon Q Developer safe to use? 
Review covers code privacy, training data handling, built-in security scanning, and what to watch for in AWS-backed AI coding.",false,"md",[565,566,567,568,569],{"question":488,"answer":491},{"question":494,"answer":497},{"question":500,"answer":503},{"question":506,"answer":509},{"question":512,"answer":515},"amber",null,"is amazon q safe, amazon q developer security, amazon q privacy, amazon q developer review, aws ai coding security, is amazon q developer safe",{},true,"Review of Amazon Q Developer security: privacy tiers, training data opt-out, built-in OWASP scanning, and what your code is exposed to.","/blog/is-safe/amazon-q","7 min read","[object Object]","Article",{"title":5,"description":561},{"loc":576},"blog/is-safe/amazon-q",[],"summary_large_image","rDAWILTWZMs7WtDOBrvoEJFmN_WzaWKOE65bOrFMrLE",1782240238759]