Amazon WorkSpaces Enables AI Agents to Access Legacy Desktop Applications

Introduction

Enterprises are increasingly looking to deploy AI agents to automate complex workflows, yet they often hit a wall: the desktop applications and legacy systems that drive most business processes lack modern APIs. According to a 2024 Gartner report, 75% of organizations run legacy applications without such APIs, and 71% of Fortune 500 companies rely on mainframe systems with limited programmatic access. This forces businesses to choose between delaying AI adoption or undertaking costly, risky modernization projects.

Today, Amazon Web Services (AWS) announces a new capability in Amazon WorkSpaces that lets AI agents securely operate desktop applications without any need for modernization. The same managed virtual desktops used by millions of employees can now serve AI agents, transforming WorkSpaces into scalable infrastructure for enterprise productivity. Agents operate within your existing WorkSpaces environment, eliminating the need for custom APIs, application migrations, or new infrastructure management.

The Legacy Application Challenge

Many organizations still depend on legacy software for critical operations—think of custom ERP systems, mainframe-based transaction processing, or specialized industry applications. These systems often lack RESTful APIs, making them inaccessible to modern AI frameworks. Without direct integration, AI agents cannot directly interact with these tools, limiting automation to only modern, API-enabled applications.

Workarounds like screen scraping or robotic process automation (RPA) introduce fragility, security risks, and high maintenance overhead. The alternative—full application modernization—can take years and millions of dollars. Amazon WorkSpaces now bridges this gap by providing AI agents with a secure, cloud-hosted desktop environment where they can interact with any desktop application just as a human would.

Amazon WorkSpaces Solution

Amazon WorkSpaces, the company’s fully managed desktop-as-a-service offering, now includes preview support for AI agent access. You can grant agents their own WorkSpace, complete with identity and permissions separate from human users. This means AI agents can log in, open applications, perform tasks, and log out—all within a controlled environment that respects your existing security policies.

Secure and Governed Access

AI agents authenticate through AWS Identity and Access Management (IAM), ensuring each agent has a distinct identity and appropriate permissions. All actions are audited via AWS CloudTrail and Amazon CloudWatch, providing complete visibility into agent activities. Because agents run inside the WorkSpaces environment—rather than on local machines—your security controls and compliance postures remain fully intact. This enterprise-grade isolation is especially critical for regulated industries like finance, healthcare, and government.

Model Context Protocol (MCP) Support

Amazon WorkSpaces supports the Model Context Protocol (MCP), an industry standard for AI agent–application communication. MCP enables compatibility with popular agent frameworks such as LangChain, CrewAI, and Strands Agents. This flexibility means you can use your preferred orchestration tools without being locked into a proprietary API.

Customer Perspective

Early adopters are already seeing value. Chris Noon, Director at Nuvens Consulting, shared: “WorkSpaces lets our clients give AI agents the same secure, governed desktop environment their employees already use — no custom API integrations, full audit trails, and enterprise-grade isolation out of the box. For regulated industries, that’s not a nice-to-have — it’s the baseline.”

Getting Started: Setting Up AI Agent Access

Enabling AI agent access is straightforward from the AWS Management Console. Here’s a step-by-step overview based on the initial preview:

1. Create a new WorkSpaces Applications stack – This stack defines the environment that controls how agents connect and what actions they can perform.
2. Configure basic settings – Provide a stack name, associate a fleet, and set up VPC endpoints as needed.
3. Enable AI agent access – In step 3 of the creation workflow, you’ll see a new AI agents section with two options:
   • No AI agent access – Default setting for standard WorkSpaces designed for human users.
   • Add AI Agents – Enables agents to securely operate applications using their own identity and permissions.
4. Select “Add AI Agents” – This opens additional configuration fields where you can define agent IAM roles, permitted applications, and session limits.
5. Complete the stack creation – After reviewing, launch the stack. Agents can then connect via the WorkSpaces client using their IAM credentials.

Once set up, you can integrate the agent with your chosen MCP-compatible framework. For example, using LangChain, you can define a tool that instructs the agent to open a specific application, perform a series of clicks, extract data, and take further actions—all while remaining compliant with your security policies.

Conclusion

Amazon WorkSpaces’ new AI agent capability removes a major barrier to enterprise AI adoption. By giving agents access to legacy desktop applications within a secure, governed environment, AWS allows organizations to automate complex workflows without expensive modernization. With audit trails, IAM-based identity management, and MCP support, this preview feature offers a practical path to scaling AI productivity across regulated and legacy-heavy industries.

To get started, explore the Amazon WorkSpaces console and create a stack with AI agent access enabled. The preview is available today in select AWS regions.