Final answer:
AWS Macie is the service designed specifically to discover and protect sensitive data in Amazon S3 buckets, utilizing machine learning to scan for sensitive information and alert of potential data leaks.
Step-by-step explanation:
The AWS service a company can use to discover and protect sensitive data stored in Amazon S3 buckets is AWS Macie. Unlike AWS CloudTrail, which logs and monitors account activity, AWS Macie uses machine learning and pattern matching to scan and identify sensitive data such as personally identifiable information (PII). It can then assist in its protection through automatic alerts when it detects a potential leak or unauthorized access to sensitive data. AWS Config is used for configuration tracking and auditing, while AWS GuardDuty is focused on threat detection and continuous monitoring for malicious activity. Thus, for the specific task of discovering and protecting sensitive data in S3 buckets, AWS Macie is the correct service to use.