亚马逊自 2024 年 8 月内部黑客松起开发的 Autonomous Threat Analysis（ATA）系统由多名具专职能力的 AI 代理组成，分为进攻与防守两队，以“机器速度”执行漏洞搜寻、变体分析与修复提案。ATA 基于高保真测试环境，可执行真实攻击指令并产生日志；蓝队则利用真实遥测验证防御有效性。系统要求每项检测与技术具可验证数据，使“幻觉在架构上不可能”，显著降低误报。其速度优势明显：例如在分析 Python 反向 shell 攻击时，ATA 在数小时内生成新战术并提出 100% 有效的防御检测规则。

ATA 的规模效应在于自动处理大量重复性安全任务，缓解因生成式 AI 加速软件开发与攻击者能力提升所带来的压力。随着代码量激增且威胁快速演进，人工难以覆盖所有应用；ATA 则能持续生成攻击组合、更新检测体系，并由人类复核后实施。亚马逊确认 ATA 不取代专家，而是释放人员专注复杂威胁。其开发流程要求日志、时间戳与真实系统数据验证，减少虚假模式学习，并提升规则生成的可靠性。

下一阶段目标是将 ATA 纳入实时事件响应，以机器速度识别攻击并提出即时修复。亚马逊安全主管指出，AI 承担后台基础工作后，工程团队可避免被大量误报拖累，将注意力集中于真实威胁。ATA 当前覆盖规模已显著扩大，并被视为亚马逊日常安全运营的关键组成部分。

Amazon’s Autonomous Threat Analysis (ATA), created during an internal hackathon in August 2024, uses multiple specialized AI agents—organized into offensive and defensive teams—to perform large-scale vulnerability discovery, variant analysis, and remediation proposals at machine speed. Running inside high-fidelity replicas of Amazon’s production systems, red-team agents execute real attack commands that generate verifiable logs, while blue-team agents validate defenses using actual telemetry. By requiring time-stamped, observable evidence for every technique, ATA sharply reduces false positives and makes “hallucinations architecturally impossible.” Its impact is demonstrated by cases such as Python reverse-shell analysis, where ATA identified new tactics and produced defense rules that proved 100% effective within hours.

ATA’s advantage lies in automating the massive volume of repetitive security work that has grown alongside generative AI–driven development and more sophisticated attackers. Human teams cannot manually review all applications or continually update detection logic; ATA can rapidly combine attack methods, generate new variations, and propose countermeasures, leaving humans to review and approve changes. Amazon stresses ATA is not a replacement for expert testing but a force multiplier that frees engineers to focus on complex threats. Its design emphasizes verification, reducing noise and improving rule quality.

The next phase will integrate ATA into real-time incident response, enabling faster detection and remediation across Amazon’s vast infrastructure. With AI handling baseline analysis and filtering, human analysts can avoid being overwhelmed by false positives and concentrate on actual attacks. ATA has already become a core component of Amazon’s security operations.