Record summary
A quick snapshot of what this page covers.
Attack context
How this AI attack works in practice.
Adversaries may search public websites and/or domains for information about victims that can be used during targeting. Information about victims may be available in various online sites, such as social media, new sites, or domains owned by the victim.
Adversaries may find the information they seek to gather via search engines. They can use precise search queries to identify software platforms or services used by the victim to use in targeting. This may be followed by Exploit Public-Facing Application or Prompt Infiltration via Public-Facing Application.
- ATLAS ID
- AML.T0095
- ATT&CK external ID
- T1593
- Priority score
- 30
Mitigations
Defenses that may help against this attack.
Case studies
Examples from public reports and exercises.
Living Off AI: Prompt Injection via Jira Service Management
Researchers from Cato Networks demonstrated how adversaries can exploit AI-powered systems embedded in enterprise workflows to execute malicious actions with elevated privileges. This is achieved by crafting malicious inputs from external users such as support tickets that are later processed by internal users or automated systems using AI agents. These AI agents, operating with internal context and trust, may interpret and execute the malicious instructions, leading to unauthorized actions such as data exfiltration, privilege escalation, or system manipulation.
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.