Amazon Is Using Specialized AI Agents for Deep Bug Hunting

As generative AI technology accelerates software development, it also improves the ability of digital attackers to carry out financially motivated or state-sponsored hacks. That means security teams at tech companies have more code than ever to review while facing even more pressure from bad actors. On Monday, Amazon will release for the first time details of an internal system called Autonomous Threat Analysis (ATA), which the company uses to help its security teams proactively identify weaknesses in its platforms, perform variant analysis to quickly find other similar vulnerabilities, and then develop remediation and detection capabilities to plug vulnerabilities before attackers find them.

ATA was born out of an internal Amazon hackathon in August 2024, and members of the security team say it has since become a crucial tool. The key concept behind ATA is that it is not a single AI agent developed to comprehensively perform security testing and threat analysis. Instead, Amazon developed several specialized AI agents that compete in two teams to quickly study actual attack techniques and the different ways they could be used against Amazon’s systems, then propose security controls for human review.

“The initial concept was intended to address a critical limitation of security testing: limited coverage and the challenge of keeping detection capabilities current in a rapidly evolving threat landscape,” Steve Schmidt, Amazon’s chief security officer, told WIRED. “Limited coverage means you can’t go through all the software or access all the applications because you just don’t have enough humans. And then it’s great to do analysis of a set of software, but if you don’t keep the detection systems themselves up to date with changes in the threat landscape, you’re missing half the picture.”

As part of expanding its use of ATA, Amazon has developed special “high fidelity” test environments that are deeply realistic reflections of Amazon’s production systems, so that ATA can both ingest and produce real telemetry for analysis.

The company’s security teams also made a point of designing ATA so that every technique used and the detection capability it produces is validated by real, automated testing and system data. Red team agents who work to find attacks that could be used against Amazon systems run actual commands in ATA’s special test environments that produce auditable logs. The blue team, or defense-focused agents, uses real telemetry to confirm whether the protections they offer are effective. And every time an agent develops a new technique, it also pulls time-stamped logs to prove its claims are correct.

This verifiability reduces false positives, Schmidt says, and acts as “hallucination management.” Because the system is designed to require certain standards of observable evidence, Schmidt asserts that “hallucinations are architecturally impossible.”
