Amazon will publish details Monday about an internal security system called Autonomous Threat Analysis (ATA), a collection of specialized AI agents built to spot weaknesses in the company’s platforms, search for related variants of those flaws, and suggest fixes and detection rules before attackers exploit them.
As generative AI accelerates software development, it has also increased the capabilities of financially motivated and state-backed attackers. Security teams at large tech companies face more code to scrutinize and greater pressure from adversaries, prompting Amazon to invest in automated tooling that scales defensive work.
The idea for ATA emerged at an internal hackathon in August 2024. Engineers who worked on the project say the prototype has grown quickly into a tool that security staff rely on to find and harden parts of Amazon’s services that would be difficult for humans to examine at the same pace.
At its core ATA is not one monolithic model aimed at replacing human testers. Amazon designed multiple focused AI agents that operate in opposing teams to probe real attack methods, generate variations, and propose defensive controls for human review. Those agents run through cycles of offense and defense that mirror the workflows of human red and blue teams but at machine speed.
“The initial concept was aimed to address a critical limitation in security testing—limited coverage and the challenge of keeping detection capabilities current in a rapidly evolving threat landscape,” Steve Schmidt, Amazon's chief security officer, said.
To run experiments at scale, Amazon built special high-fidelity testing environments that mirror production systems closely enough that ATA can ingest and produce realistic telemetry. Those environments let the agents execute commands and generate logs that look like the signals Amazon’s live defenses would see, giving the analysis greater practical relevance.
Every technique an agent tries, and every detection it proposes, must be validated against real, automated tests and system data. Red team agents execute commands in ATA’s test environments that produce verifiable logs. Blue team agents consume real telemetry to confirm whether suggested protections actually work. When an agent claims to have discovered a novel technique it also pulls time-stamped logs to back up the finding, so each step produces evidence that can be audited by humans.
Schmidt says that verifiability cuts down on false positives and serves as a form of “hallucination management.” He adds that “hallucinations are architecturally impossible.”
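The evidence gate described above can be sketched in a few lines. This is an added example, not Amazon's code: the telemetry fields, run IDs, and the candidate rule are all assumptions made for illustration. A red-team claim counts only if time-stamped log events back it, and a proposed detection is scored against those same events plus benign background activity.

```python
# Constructed telemetry from a hypothetical test environment. "run_id" links
# an event to a red-team execution; None marks benign background activity.
TELEMETRY = [
    {"ts": "2025-01-01T10:00:01Z", "run_id": "r1", "proc": "python3", "child": "sh", "outbound": True},
    {"ts": "2025-01-01T10:00:05Z", "run_id": "r2", "proc": "python3", "child": "bash", "outbound": True},
    {"ts": "2025-01-01T10:00:09Z", "run_id": None, "proc": "python3", "child": None, "outbound": True},
    {"ts": "2025-01-01T10:00:12Z", "run_id": None, "proc": "python3", "child": "sh", "outbound": False},
]

# Constructed red-team claims. "r3" has no matching log events.
CLAIMS = [{"run_id": "r1"}, {"run_id": "r2"}, {"run_id": "r3"}]

SHELLS = {"sh", "bash", "zsh"}

def proposed_detection(event):
    """Candidate blue-team rule (an assumption): a Python process with an
    outbound connection that also spawns a shell."""
    return (event["proc"].startswith("python")
            and event["outbound"]
            and event["child"] in SHELLS)

def validate(claims, telemetry, rule):
    """Accept a claim only with log evidence, then score the rule on it."""
    report = {"unverified": [], "detected": [], "missed": [], "false_positives": []}
    for claim in claims:
        evidence = [e for e in telemetry if e["run_id"] == claim["run_id"]]
        hits = [e["ts"] for e in evidence if rule(e)]
        if not evidence:
            # No time-stamped logs: the claim cannot be audited, so reject it.
            report["unverified"].append(claim["run_id"])
        elif hits:
            report["detected"].append((claim["run_id"], hits))
        else:
            report["missed"].append(claim["run_id"])
    # The rule must also stay quiet on benign events.
    report["false_positives"] = [
        e["ts"] for e in telemetry if e["run_id"] is None and rule(e)
    ]
    return report

if __name__ == "__main__":
    print(validate(CLAIMS, TELEMETRY, proposed_detection))
```

The report keeps the timestamps of the events that triggered each detection, which is what makes every accepted finding auditable by a human reviewer.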
The setup of specialized agents working toward a larger objective reflects how human teams collaborate during security testing, but AI multiplies the number of permutations that can be tried in a short span. Michael Moran, an Amazon security engineer who helped propose ATA at the 2024 hackathon, highlights that difference by describing how the system accelerates investigation.
“I get to come in with all the novel techniques and say, ‘I wonder if this would work?’ And now I have an entire scaffolding and a lot of the base stuff is taken care of for me” in investigating it, Moran says. “It makes my job way more fun but it also enables everything to run at machine speed.”
Amazon’s teams report early success with ATA’s approach. The system concentrated on Python reverse shell methods, a set of tactics attackers use to force a target device to open a remote session back to an attacker’s machine. Within hours ATA mapped out new reverse shell variants and suggested detections for Amazon’s defense systems that the company found to be 100 percent effective in test conditions.
ATA runs autonomously through its investigation cycles, yet it is built with a human-in-the-loop philosophy that requires approval from people before changes reach production defenses. Schmidt acknowledges that ATA will not replace the nuanced judgment of experienced security testers. The system handles the repetitive, time-consuming elements of threat analysis so human staff can focus on harder, higher-value tasks.
Schmidt says the next phase is to integrate ATA into live incident response workflows for faster identification and remediation during actual attacks on Amazon’s infrastructure. “AI does the grunt work behind the scenes. When our team is freed up from analyzing false positives, they can focus on real threats,” Schmidt says. “I think the part that’s most positive about this is the reception of our security engineers, because they see this as an opportunity where their talent is deployed where it matters most.”

