If GuardDuty sees "right now someone is conducting malicious activity," then Amazon Inspector sees "before exploitation, where are the weaknesses?" GuardDuty detects threats (actual hostile activity) while Inspector detects vulnerabilities (exploitable weaknesses). The timing differs — vulnerabilities are potential weak points, threats are real activities exploiting those weak points (or entering by other routes). Secure operations require both: reduce weak points (Inspector) and catch breaches (GuardDuty).