Data from AI Services - AI Security Technique
AI Security TechniqueAdversaries may use their access to a victim organization's AI-enabled services to collect proprietary or otherwise sensitive information. As organizations adopt generative AI in centralized services for accessing an organization's data, such as with chat agents which can access retrieval augmented generation (RAG) databases and other data sources via tools, they become increasingly valuable targets for adversarie...
Overview
A source-backed snapshot of this AI security technique.
Adversaries may use their access to a victim organization's AI-enabled services to collect proprietary or otherwise sensitive information. As organizations adopt generative AI in centralized services for accessing an organization's data, such as with chat agents which can access retrieval augmented generation (RAG) databases and other data sources via tools, they become increasingly valuable targets for adversaries.
AI agents may be configured to have access to tools and data sources that are not directly accessible by users. Adversaries may abuse this to collect data that a regular user wouldn't be able to access directly.
Technique details
Identifiers, maturity, and source taxonomy for this technique.
- ATLAS ID
- AML.T0085
- Maturity
- demonstrated
- Priority score
- 35
Attack flow
How to read the public records connected to this technique.
Impact
Why this technique may deserve attention in the current dataset.
- Evidence leveldemonstrated
- Mapped defenses5 ATLAS mitigation records
- Public examples0 linked case study records
- Research risks0 related MIT AI Risk records above the confidence threshold
- Vulnerabilities0 linked CVE records
Mitigations
Defenses that may help against this attack.
AML.M0028 - AI Agent Tools Permissions Configuration
Configuring AI Agent tools with access controls inherited from the user or the AI Agent invoking the tool can limit adversary's access to sensitive data.
AML.M0024 - AI Telemetry Logging
Log requests to AI services to detect malicious queries for data.
AML.M0026 - Privileged AI Agent Permissions Configuration
Configuring privileged AI agents with proper access controls can limit an adversary's ability to collect data from AI services if the agent is compromised.
AML.M0032 - Segmentation of AI Agent Components
Segmentation can prevent adversaries from utilizing tools in an agentic workflow to collect sensitive data from AI services.
Showing 4 of 5
Case studies
Examples from public reports and exercises.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
