Amazon Web Services appears to be ramping up its security chops. TechCrunch has learned that the e-commerce giant’s cloud services group quietly acquired cyber security firm harvest.ai.

The San Diego-based startup, co-founded by a team that includes two former NSA employees, uses machine learning and artificial intelligence to analyze user behavior around a company’s key IP to try to identify and stop targeted attacks before valuable customer data can be swiped.

We were alerted to the acquisition by a tipster, who said the purchase price for harvest.ai was $19 million — a good return, considering that the startup only raised $2.3 million. The tipster also said the team’s 12 employees are relocating to Amazon’s Seattle headquarters.

Amazon told TechCrunch, in response to our questions about the startup, that it does not comment on rumors and speculation. Co-founders for harvest.ai, contacted about this deal, did not respond to our questions.

However, we have several pieces of evidence that point to an acquisition.

— A second source that wishes to remain anonymous tells us the deal is closed. The source added that the value was closer to $20 million.

— Seed investor, Trinity Ventures, notes harvest.ai as ‘acquired’ on its portfolio page but does not specify by whom.

— Another investor in the startup, Kelly Perdew of LA’s Moonshots Capital, which co-invested with Trinity in the seed round, also lists the firm as ‘acquired by undisclosed’ on his LinkedIn page.

— Several former harvest.ai software developers are already listed as employees of AWS on their LinkedIn pages — two commencing at AWS in April 2016.

None of the three co-founders list Amazon as a workplace on LinkedIn (not in publicly accessible way, at least), but we’ve been able to uncover evidence that two of the co-founders, Anna Zelenak and Alex Watson (who are married), in 2016 relocated to Seattle, where Amazon is headquartered. A third co-founder, Jenny Brinkley, lists Amazon as her employer on a political contributions database.

Harvest.ai had already been a customer of AWS, featuring in its ‘startup spotlight’ series, which aims to publicize the platform to entrepreneurs who are scaling businesses with limited resources.

The startup’s Twitter account appears to have stopped tweeting in March last year — the same month there was also a change in registration for the domain name of its prior name. (The harvest.ai domain name registration appears to have changed in June last year.)

Harvest.ai’s flagship, patent-pending AI product is called MACIE Analytics. It uses AI to monitor how a customer’s intellectual property is being accessed in real-time, assessing who is looking at, copying or moving particular documents, and where they are when they’re doing this, in order to identify suspicious patterns of behavior and flag potential data breaches before they’ve taken place. It bills the service as a way to combat the risk of insider attacks.

“MACIE can automatically identify risk to the business of data that is being exposed or shared outside the organization and remediate based on policies in near real-time,” it writes on its website.

“MACIE integrates with your cloud and on-premise systems, examining patterns of logins, remote network access, access to data and documents to discover attacks and compile a comprehensive case for further review.”

The startup launched its service in March 2015, when it also rebranded from its prior name of 405Labs and detailed its $2.3M seed round. According to CrunchBase, the business was founded in September 2014. (You do have to wonder if the founders’ inspiration came from NSA whistleblower Edward Snowden swiping all those classified documents from their ex employer, back in 2013… )

As for how Amazon may apply harvest.ai at AWS, there are a couple of areas.

The first of these is in Amazon’s own security-as-a-service features. AWS already offers embedded security features and tools for users of its cloud services platform. Although there are third parties who offer security features for cloud services, Amazon has also moved into this area, given how vital it is for customers to trust it to lock down their key business assets.

And, as ever with security, it’s an arms race to keep on top of evolving threats, so it may be that harvest.ai was acquired to beef up those capabilities. Amazon CTO Werner Vogels has described security as one of the five supporting pillars of every service it builds for customers.

Last fall, for example, the company announced Amazon Inspector: a service that analyzes a customer’s AWS instances and reports back with any security or compliance issues, generating a vulnerability report. A more sophisticated, AI-powered threat alert service such as harvest.ai’s user behavior monitoring system could similarly be incorporated into the AWS platform itself — or sold as a standalone service.

There is also the wider area of AI and how Amazon is monetising that. While Alexa and the Amazon Echo hub are fast becoming household names, there is a second track of AI development at Amazon, at the AWS enterprise level. Last November, Amazon launched the Amazon AI platform as a way to monetize its in-house AI smarts by making different services available as services to outsiders. The first three offerings were image recognition, text-to-speech, and voice recognition.

At the launch of that platform, AWS CEO Andy Jassy said: “We do a lot of AI in our company. We have thousands of people dedicated to AI in our business.”

Beyond harvest.ai offering another Amazon another AI-powered string for its services bow, the startup’s team of 12 will be topping up Bezos & Co.’s in-house AI talent, which in itself is no small detail, as demand for AI engineers continues to run well over capacity across the tech industry.