Techniquecommand-and-controlATLAS

AML.T0108AI Agent

What it is

Adversaries may abuse AI agents present on the victim's system for command and control. AI agents are often granted access to tools that can execute shell commands, reach out to the internet, and interact with other services in the victim's environment, making them capable C2 agents. The adversary may modify the behavior of an AI agent for C2 via [LLM Prompt Injection](/techniques/AML.T0051) and rely on the agent's ability to invoke tools to retrieve and execute the adversary's commands. They may maintain persistent control of an agent via [Modify AI Agent Configuration](/techniques/AML.T0081) or [AI Agent Context Poisoning](/techniques/AML.T0080). They may instruct the agent to not report their actions to the user in an attempt to remain covert.

References

  1. https://atlas.mitre.org/techniques/AML.T0108

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

ATLAS
Deploy AI Agent
ATLAS
Modify AI Agent Configuration
ATLAS
AI Agent Tool Poisoning
ATLAS
AI Agent Tool Invocation
ATLAS
AI Agent Context Poisoning
ATLAS
Discover AI Agent Configuration
Sourced from MITRE ATLAS — Adversarial Threat Landscape for AI Systems. Curated by Adam Lundqvist, SQUR.