Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Such as generative artificial intelligence pays Software development speedIt also enhances the ability of digital attackers to execute Financially motivated or State-supported Superhero. This means that security teams at tech companies have more code to review than ever before while dealing with more pressure from bad actors. on monday, Amazon The company will publish details for the first time about an internal system known as Autonomous Threat Analysis (ATA), which the company uses to help its security teams proactively identify vulnerabilities in its platforms, perform various analysis to quickly look for other similar flaws, and then develop remediation and detection capabilities to plug vulnerabilities before attackers find them.
ATA was born out of an internal Amazon hackathon in August 2024, and members of the security team say it has evolved into a critical tool since then. The basic concept behind ATA is that it is not a single AI agent developed to perform security testing and comprehensive threat analysis. Instead, Amazon has developed several specialized AI agents that compete against each other in two teams to quickly investigate real attack techniques and different methods that could be used against Amazon systems, and then propose security controls for human review.
“The initial concept was intended to address critical limitations in security testing — limited coverage and the challenge of keeping detection capabilities up-to-date in a rapidly evolving threat landscape,” Steve Schmidt, Amazon’s chief security officer, told WIRED. “Limited coverage means you can’t get to all the software or you can’t get to all the applications because you don’t have enough humans. So, it’s great to do analysis on a bunch of software, but if you don’t keep the detection systems themselves up to date with changes in the threat landscape, you’re missing half the picture.”
As part of expanding its use of ATA, Amazon has developed special “high-fidelity” test environments that are highly realistic reflections of Amazon’s production systems, so that ATA can ingest and produce real-time telemetry for analysis.
The company’s security teams also designed ATA so that every technology it uses, and the detection capability it produces, is validated through real, automated testing and system data. Red team agents working to detect attacks that could be used against Amazon systems execute actual commands in ATA’s test environments that produce verifiable logs. The blue team, or defense-focused agents, use real-time telemetry to ensure the protections they propose are effective. Any time an agent develops new technology, it also pulls time-stamped records to prove the accuracy of its claims.
This verifiability reduces false positives and serves as “hallucination management,” says Schmidt. Because the system is built on demanding certain standards of observable evidence, Schmidt claims that “hallucinations are architecturally impossible.”