AI Mitigation

AI Telemetry Logging - AI Mitigation

Implement logging of inputs and outputs of deployed AI models. When deploying AI agents, implement logging of the intermediate steps of agentic actions and decisions, data access and tool use, installation commands, and identity of the agent. Monitoring logs can help to detect security threats and mitigate impacts. Additionally, having logging enabled can discourage adversaries who want to remain undetected from u...

View mitigations Read context

AI MitigationDeploymentMonitoring and MaintenanceTechnical - Cyber

Record summary

A quick snapshot of what this page covers.

Techniques17Attacks this defense is designed to help with.

Lifecycle2Where this defense applies in the AI lifecycle.

Categories1How the source groups this defense.

Control summary

What this defense is meant to help prevent.

Implement logging of inputs and outputs of deployed AI models. When deploying AI agents, implement logging of the intermediate steps of agentic actions and decisions, data access and tool use, installation commands, and identity of the agent. Monitoring logs can help to detect security threats and mitigate impacts.

Additionally, having logging enabled can discourage adversaries who want to remain undetected from utilizing AI resources.

ATLAS ID: AML.M0024
Priority score: 85

DeploymentMonitoring and Maintenance

Technical - Cyber

Covered techniques

Attacks this defense is designed to help with.

AML.T0053 - AI Agent Tool Invocation

demonstrated

Log AI agent tool invocations to detect malicious calls.

AML.T0085.001 - AI Agent Tools

demonstrated

Log requests to AI services to detect malicious queries for data.

AML.T0040 - AI Model Inference API Access

realized

Telemetry logging can help audit API usage of the model.

AML.T0047 - AI-Enabled Product or Service

realized

Telemetry logging can help identify if sensitive model information has been sent to an attacker.

AML.T0101 - Data Destruction via AI Agent Tool Invocation

realized

Log AI agent tool invocations to detect malicious calls.

AML.T0085 - Data from AI Services

demonstrated

Log requests to AI services to detect malicious queries for data.

AML.T0051.000 - Direct

realized

Telemetry logging can help identify if unsafe prompts have been submitted to the LLM.

AML.T0086 - Exfiltration via AI Agent Tool Invocation

realized

Log AI agent tool invocations to detect malicious calls.

AML.T0024 - Exfiltration via AI Inference API

realized

Telemetry logging can help identify if sensitive data has been exfiltrated.

AML.T0024.002 - Extract AI Model

realized

Telemetry logging can help identify if sensitive data has been exfiltrated.

AML.T0051.001 - Indirect

demonstrated

Telemetry logging can help identify if unsafe prompts have been submitted to the LLM.

AML.T0024.000 - Infer Training Data Membership

feasible

Telemetry logging can help identify if sensitive data has been exfiltrated.

AML.T0024.001 - Invert AI Model

feasible

Telemetry logging can help identify if sensitive data has been exfiltrated.

AML.T0051 - LLM Prompt Injection

realized

Telemetry logging can help identify if unsafe prompts have been submitted to the LLM.

AML.T0085.000 - RAG Databases

demonstrated

Log requests to AI services to detect malicious queries for data.

AML.T0005.001 - Train Proxy via Replication

demonstrated

Telemetry logging can help identify if a proxy training dataset has been exfiltrated.

AML.T0051.002 - Triggered

demonstrated

Telemetry logging can help identify if unsafe prompts have been submitted to the LLM.

Source

Where this page information comes from.

Original source

Original source links

Open the public records and source datasets used for this page.

Repositoryhttps://github.com/mitre-atlas/atlas-data ATLAS.yamlhttps://github.com/mitre-atlas/atlas-data/blob/main/dist/ATLAS.yaml Schemahttps://github.com/mitre-atlas/atlas-data/blob/main/dist/schemas/atlas_output_schema.json