Autonomous AI Agents for Cybersecurity Threat Detection and Response: A Multi-Agent Architecture Framework Using AWS Frontier Agents

Authors

  • Nitin Addla, Senior Solutions Architect, Generative AI | AI/ML | Big Data (Author)

DOI:

https://doi.org/10.63282/3117-5481/WFCMLS26-108

Keywords:

Autonomous AI Agents, Frontier Agents, AWS Security Agent, Amazon Bedrock, Cybersecurity, Multi-Agent Systems, Threat Detection, Incident Response, GuardDuty, Large Language Models

Abstract

The rapid proliferation of sophisticated cyber threats has outpaced the capabilities of traditional, rule-based security systems, necessitating a paradigm shift toward autonomous, AI-driven defenses. This paper presents a comprehensive multi-agent architecture framework for autonomous cybersecurity threat detection and response, leveraging AWS Frontier Agents as the primary operational backbone. Specifically, we introduce a coordinated system comprising the AWS Security Agent, Amazon Bedrock Agents for orchestration, and Amazon GuardDuty for machine-learning-based threat intelligence. The proposed framework enables autonomous operation over extended time horizons (hours to days) without human intervention, performing complex reasoning chains, automated penetration testing, threat hunting, and dynamic incident response. We describe the system architecture, agent coordination protocols, and integration pathways with existing security operations centers (SOCs). Experimental evaluation across simulated enterprise threat scenarios demonstrates a 94.7% threat detection accuracy, a 78% reduction in mean time to respond (MTTR), and a 63% decrease in false positive alerts compared to conventional signature-based intrusion detection systems. Our results indicate that frontier agent architectures offer a transformative approach to modern cybersecurity operations, significantly augmenting human analyst capacity while maintaining robust governance and auditability. This work contributes a reference architecture, empirical benchmarks, and governance guidelines applicable to enterprise-scale deployments.

Published

2026-03-27

How to Cite

[1] N. Addla, “Autonomous AI Agents for Cybersecurity Threat Detection and Response: A Multi-Agent Architecture Framework Using AWS Frontier Agents”, AIJCST, pp. 76–89, Mar. 2026, doi: 10.63282/3117-5481/WFCMLS26-108.
