Surf AI Is Now Available on AWS Marketplace

Today we are announcing that Surf AI is available via AWS Marketplace.

There's no shortage of security findings. The problem is the gap between a finding and a resolution, and closing that gap is what Surf was built to do. Now AWS customers can adopt Surf through Marketplace, using the procurement and billing processes they already have in place.

Why this matters for AWS customers

Buying through AWS Marketplace removes friction from the part of security that has nothing to do with security: procurement.

• Purchase Surf through your existing AWS account, with consolidated AWS billing and no new vendor payment setup.
• Draw down against your existing AWS spend commitments, so Surf counts toward agreements you have already made.
• Move through security and legal review faster with standardized Marketplace terms.
• Get to deployment sooner, because the path from decision to rollout is shorter.

For teams operating at scale, that means less time spent buying security and more time spent improving it.

What Surf does

Surf is a security-first, agentic operations platform built around the Context Graph: a continuously updated map of every entity, relationship, ownership assignment, and policy in your environment.

When a finding lands, Surf does the work that normally falls on a human:

• It resolves the real owner by connecting signals across your code, identity, HR, and on-call systems.
• It models the ripple effect before anything changes, so you understand downstream impact in advance.
• It resolves compliance scope at the same time, treating PCI, SOX, and HIPAA requirements as properties of the asset rather than a separate review.
• It orchestrates the fix and writes the outcome back to your tools, leaving a complete audit trail on both sides.

What changes for your team

Without Surf, a confirmed finding bounces between dashboards, chat threads, and tickets while someone figures out who owns it, what it touches, and whether the fix is allowed. It stays live in production the whole time.

Picture a critical CVE that surfaces in a customer-facing payments service. Rather than opening a ticket and waiting for someone to claim it, Surf traces ownership across your identity, HR and cloud systems,, confirms the fix will not break anything downstream that depends on it, and verifies the change fits within PCI compliance scope before any action is taken. The engineer who owns the service receives a clear, pre-validated remediation path, and the vulnerability is closed while the context is still fresh instead of aging quietly in a backlog.

With Surf, that same finding arrives with an owner already identified, ripple effects already modeled, a compliance path already cleared, and a fix already orchestrated. Security teams stop chasing. Backlogs stop growing.

Get started

If you run on AWS and you are tired of watching confirmed findings age in a backlog, you can find Surf on AWS Marketplace today.

We will keep meeting security teams where they already work, and our availability on AWS Marketplace is a big step in that direction.