Trellix deploys autonomous security agents with Claude in Amazon Bedrock

Trellix, a leading cybersecurity company, uses Claude in Amazon Bedrock to power AI agents that autonomously analyze security alerts, automate development tasks, and streamline operations, allowing human analysts to focus on strategic work while saving thousands of hours of manual effort.
With Claude, Trellix:
- Analyzes security alerts at a scale equivalent to hiring 10 additional staff members
- Reduces development time for critical code from 40 hours to under 5 minutes
- Saves an average of 8 hours of staff time for every 100 alerts processed
- Enables junior analysts to perform at senior levels by learning from AI-generated responses
Transforming cybersecurity through autonomous AI agents
Cybersecurity teams struggle with an overwhelming flood of daily security alerts while increasingly sophisticated threat actors continue to develop advanced techniques that can compromise systems before defenders notice the intrusion.
"Cybersecurity faces a fundamental challenge of scale and speed," explains Zachary Krider, Director of Strategy & AI at Trellix. "Attacks move so quickly that data can be extracted or extorted from companies before a human analyst realizes an intrusion has occurred."
Instead of adding more security products that generate additional alerts, Trellix recognized the need for a fundamentally different approach. They developed AI systems that independently perform initial analysis and triage of security events, reducing the burden on human analysts while ensuring no critical threats go undetected.
Choosing Claude for intelligence, reliability, and precision
After evaluating multiple AI models, Trellix selected Claude for its superior performance in complex cybersecurity contexts. Martin Holste, CTO of Cloud & AI at Trellix, highlights Claude's advantages, saying, "Claude is skilled at understanding and following intricate, multi-step processes with high accuracy. It can navigate the nuanced business logic of each company's support processes while catching potential errors before they happen."
Trellix values Claude's ability to make nuanced recommendations when faced with ambiguous data. Holste explains, "What impresses us about Claude is how it avoids absolute declarations. When analyzing security data with unclear signals, Claude will say 'based on these patterns, this outcome is likely' rather than making rigid pronouncements. This approach combines general security principles with our customers' specific contextual knowledge for better decision-making."
Security considerations also influenced the decision. Trellix accesses Claude through Amazon Bedrock, which provides enterprise-grade security and scalability. "Amazon Bedrock offered Trellix the latency, scalability, and reliability to introduce AI-powered security analysis to its customers," says Krider.
How Trellix builds autonomous security agents with Claude
Trellix's Wise platform uses Claude to create an agentic system that autonomously handles security analysis across their extensive portfolio of security products. Instead of requiring customers to interact with yet another security interface, Wise works behind the scenes to thoroughly investigate security events and provide contextualized results.
Holste uses an analogy to explain this approach: "Think about working with an executive assistant. You don't stand over their shoulder while they book your travel arrangements—you simply request the outcome you need and they handle the details independently. That's how our AI agents operate. They work behind the scenes, following established security protocols without requiring constant supervision, then deliver complete analyses when you need them."
Trellix's agentic AI system includes several specialized components:
- Event analysis and triage: Autonomously reviews security events across endpoint, network, email, and cloud environments, identifying connections and prioritizing critical issues
- Contextual threat intelligence: Correlates current activity with historical threat data and the latest intelligence to provide a complete picture of possible attacks
- Automated response recommendations: Suggests specific remediation steps based on best practices and analysis of past successful resolutions
- Cross-platform investigation: Connects insights across Trellix's entire security portfolio and over 500 technical partners, providing a comprehensive view of security posture
Instead of programming rigid procedures, Trellix gives Claude broad strategic direction. Holste explains, "We provide Claude with our security objectives and key considerations. We don't dictate every step of the analysis process. We trust Claude to determine the best next steps based on each specific security situation. This flexibility allows the system to adapt to new threats while following proven security practices."
This approach lets the system adapt to new situations while maintaining consistency in its overall methodology. Trellix grounds these agents in documentation rather than fine-tuning models, following the same approach they would use when onboarding human security engineers.
Measuring ROI and empowering security teams
Trellix built ROI measurement directly into their AI agent system from inception. Holste says, "From day one, every time the agent runs, it calculates how much time it saved a human. For every 100 alerts analyzed, it's eight hours' worth of a person's time saved."
For a typical customer, this translates to value equivalent to hiring 10 additional security analysts—a compelling advantage when skilled security talent is scarce. This shift enables security teams to review every single alert instead of selectively sampling or simply ignoring lower-priority events when resources are stretched.
The benefits go beyond processing more alerts. Many customers were forced to leave valuable security features unused because they couldn't handle the volume of information generated. "Our customers invested in advanced security capabilities," explains Holste, "but often had to disable them due to insufficient resources to review everything. Now they're finally getting full value from their investment because Claude can analyze everything and surface what actually requires attention."
The ROI for Trellix's development teams is dramatic. Building security parsers and API integrations that once required 40 hours of developer time now takes under 5 minutes—a 99.8% reduction in time investment. "There was growing customer frustration with connector build times," says Krider. "With our Sidekick platform using Claude in Amazon Bedrock, we reduced integration time, eliminating backlogs and improving customer satisfaction."
The most unexpected benefit was the impact on staff development. Security professionals, especially at more junior levels, are learning faster by watching how the AI analyzes threats. "Our customers say their teams are improving their skills just by reviewing Wise's work," explains Krider. "They observe how it approaches complex security problems and quickly adopt those techniques themselves." This natural learning process has transformed traditional security training. What took years of on-the-job experience to master can now be learned in weeks, creating more confident and capable security teams.
Building the future of AI-powered cybersecurity
Trellix believes AI will reshape cybersecurity by enabling truly comprehensive protection for the first time. The traditional security landscape has been marked by an endless game of catch-up, with defenders scrambling to respond to increasingly sophisticated threats. But that dynamic is about to change.
Holste explains, "The security industry has always moved too slowly compared to attackers. AI fundamentally changes the equation—it's like giving defenders a jetpack when they've been limited to walking." This transformation isn't just about speed—it heralds a new era where security teams can finally get ahead of threats, predict attacks before they happen, and protect digital assets with unprecedented effectiveness. For the first time in cybersecurity history, defenders will have the tools to not just keep pace with attackers, but to take the lead in safeguarding our digital future.