Amazon GuardDuty adds AI-powered threat investigations (Preview)
Amazon GuardDuty is introducing a preview of AI-powered investigations to help security teams automatically analyze findings and distinguish true threats. This feature aims to reduce manual investigation time and alert fatigue, accelerating incident response for cloud security analysts. It provides disposition assessments, MITRE ATT&CK classifications, and recommendations, and is available in preview across 10 AWS Regions.
- AI-powered investigations analyze GuardDuty findings for faster threat detection
- Investigations provide context, confidence scoring, and actionable recommendations
- Preview available in 10 AWS Regions, accessible via console, CLI, and API
Features
- AI-powered investigations analyze GuardDuty findings for faster threat detection
Amazon GuardDuty now offers AI-powered investigations in preview, which automatically analyze findings and account activity to quickly identify genuine threats. This feature helps reduce manual effort and improve incident response times for security operations centers.
Enhancements
- Investigations provide context, confidence scoring, and actionable recommendations
Each AI-powered investigation includes a disposition assessment with confidence scoring, MITRE ATT&CK technique classification, supporting evidence, and actionable recommendations for threat suppression, containment, or remediation. This automation allows security teams to focus on critical threats across AWS accounts or Organizations.
Notes
- Preview available in 10 AWS Regions, accessible via console, CLI, and API
This new capability is currently in preview across 10 specific AWS Regions. Users can access AI-powered investigations through the Amazon GuardDuty console, Command Line Interface (CLI), Application Programming Interface (API), or AWS' MCP Server.
https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-guardduty/