Risultati delle minacce AI

Security Command Center dispone di rilevatori per minacce generali correlate all'AI e di rilevatori progettati per gli agenti AI di cui è stato eseguito il deployment in Vertex AI Agent Engine Runtime.

Minacce AI generiche

I seguenti rilevamenti basati sui log sono disponibili con Event Threat Detection:

• Initial Access: Dormant Service Account Activity in AI Service
• Persistence: New AI API Method
• Persistence: New Geography for AI Service
• Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access

Minacce agli agenti di cui è stato eseguito il deployment nel runtime di Vertex AI Agent Engine

Security Command Center esegue il monitoraggio runtime e del control plane degli agenti AI di cui è stato eseguito il deployment nel runtime di Vertex AI Agent Engine.

Tipi di risultati di runtime

Le seguenti rilevazioni runtime sono disponibili con Agent Engine Threat Detection:

• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python Executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Malicious Script Executed
• Malicious URL Observed
• Reverse Shell
• Unexpected Child Shell

Tipi di risultati del control plane

Con Event Threat Detection sono disponibili i seguenti rilevamenti del control plane:

• Credential Access: Agent Engine Anomalous Access to Metadata Service
• Discovery: Agent Engine Evidence of Port Scanning
• Discovery: Agent Engine Service Account Self-Investigation
• Discovery: Agent Engine Unauthorized Service Account API Call
• Exfiltration: Agent Engine Initiated BigQuery Data Exfiltration
• Exfiltration: Agent Engine Initiated BigQuery Data Extraction
• Exfiltration: Agent Engine Initiated Cloud SQL Exfiltration
• Initial Access: Agent Engine Identity Excessive Permission Denied Actions
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
• Privilege Escalation: Agent Engine Suspicious Token Generation (signJwt)

Passaggi successivi

• Scopri di più su Event Threat Detection.
• Scopri di più su Agent Engine Threat Detection.
• Scopri come rispondere ai risultati delle minacce AI.
• Consulta l'indice dei risultati delle minacce.