Temuan ancaman AI

Security Command Center memiliki detektor untuk ancaman umum terkait AI dan detektor yang dirancang untuk agen AI yang di-deploy ke Runtime Vertex AI Agent Engine.

Ancaman AI umum

Deteksi berbasis log berikut tersedia dengan Event Threat Detection:

• Initial Access: Dormant Service Account Activity in AI Service
• Persistence: New AI API Method
• Persistence: New Geography for AI Service
• Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access

Ancaman terhadap agen yang di-deploy ke Vertex AI Agent Engine Runtime

Security Command Center melakukan pemantauan runtime dan control plane terhadap agen AI yang di-deploy ke Runtime Vertex AI Agent Engine.

Jenis temuan runtime

Deteksi runtime berikut tersedia dengan Deteksi Ancaman Mesin Agen:

• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python Executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Malicious Script Executed
• Malicious URL Observed
• Reverse Shell
• Unexpected Child Shell

Jenis temuan bidang kontrol

Deteksi bidang kontrol berikut tersedia dengan Event Threat Detection:

• Credential Access: Agent Engine Anomalous Access to Metadata Service
• Discovery: Agent Engine Evidence of Port Scanning
• Discovery: Agent Engine Service Account Self-Investigation
• Discovery: Agent Engine Unauthorized Service Account API Call
• Exfiltration: Agent Engine Initiated BigQuery Data Exfiltration
• Exfiltration: Agent Engine Initiated BigQuery Data Extraction
• Exfiltration: Agent Engine Initiated Cloud SQL Exfiltration
• Initial Access: Agent Engine Identity Excessive Permission Denied Actions
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
• Privilege Escalation: Agent Engine Suspicious Token Generation (signJwt)

Langkah berikutnya

• Pelajari Event Threat Detection.
• Pelajari Deteksi Ancaman Agent Engine.
• Pelajari cara merespons temuan ancaman AI.
• Lihat Indeks temuan ancaman.