Amazon.com Inc. has shared details about an internally developed artificial intelligence system it uses to find vulnerabilities in its infrastructure.

The system is known as Autonomous Threat Analysis, or ATA for short, Wired reported today. Amazon engineers developed it during an internal hackathon.

Scanning a large technology environment for vulnerabilities is a labor-intensive task. The process of fixing those vulnerabilities and checking that the patches work as expected can likewise take a significant amount of time. According to Wired, Amazon developed ATA to speed up the workflow. The company says that the system can test more than 200 hacking methods in 90 minutes.

ATA is powered by two groups of AI agents. The first ensemble is responsible for finding cybersecurity flaws. The other agent group, in turn, comes up with ways to mitigate the vulnerabilities discovered by the first group. Furthermore, the agents test the suggested remediation methods to determine if they would work in production.

According to Wired, Amazon developed a simulated version of its internal technology environment for ATA. The test environment reportedly enables the system to run “actual commands” of the kind hackers might use to carry out a cyberattack. During cyberattack simulations, ATA generates telemetry that engineers can use to verify the accuracy of the AI agents’ output.

Amazon says one of the tasks that the system speeds up is variant analysis. That’s the process of identifying whether a vulnerability that affects one application might also be present in other workloads. The task is difficult to perform manually because the technical properties of a vulnerability often vary across the impacted systems.

Vulnerability variations can emerge when there are snippets of code that perform the same task, but in different ways. For example, two form submission pages might each include a filter that blocks malicious uploads. Even if the two forms’ respective filters are implemented in different programming languages, they might both include a flaw that lets SQL injections through. Variation analysis uncovers such issues. 

Many cyberattacks are carried out using a shell, a command line interface that provides access to operating system components. Usually, hackers use a malicious server to request access to a targeted system’s shell. In some cases, they take the opposite approach: they first infect the targeted system and then have it establish a connection to a malicious server. Such cyberattacks are known as reverse shell attacks.

Amazon engineers had ATA test Python-based reverse shell tactics during an internal project. The system reportedly found several potential vulnerabilities. Furthermore, it proposed detections against the vulnerabilities that proved to be 100% effective. A detection is a snippet of code that can identify a narrow set of cyberattacks.

Amazon staffers developed the initial version of ATA during an internal hackathon held last August. The system has since reportedly “grown into a crucial tool” for the company. Amazon plans to further expand ATA’s role in the future by applying it to real-time incident response tasks.

Image: AWS