Descobertas de ameaças de IA

O Security Command Center tem detectores para ameaças gerais relacionadas à IA e detectores projetados para agentes de IA implantados no ambiente de execução do Vertex AI Agent Engine.

Ameaças gerais de IA

As seguintes detecções baseadas em registros estão disponíveis com o Event Threat Detection:

• Initial Access: Dormant Service Account Activity in AI Service
• Persistence: New AI API Method
• Persistence: New Geography for AI Service
• Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access

Ameaças a agentes implantados no ambiente de execução do Vertex AI Agent Engine

O Security Command Center realiza o monitoramento de tempo de execução e plano de controle dos agentes de IA implantados no tempo de execução do Vertex AI Agent Engine.

Tipos de descobertas de ambiente de execução

As seguintes detecções de tempo de execução estão disponíveis com a Agent Engine Threat Detection:

• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python Executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Malicious Script Executed
• Malicious URL Observed
• Reverse Shell
• Unexpected Child Shell

Tipos de descobertas do plano de controle

As seguintes detecções do plano de controle estão disponíveis com a Detecção de ameaça a eventos:

• Credential Access: Agent Engine Anomalous Access to Metadata Service
• Discovery: Agent Engine Evidence of Port Scanning
• Discovery: Agent Engine Service Account Self-Investigation
• Discovery: Agent Engine Unauthorized Service Account API Call
• Exfiltration: Agent Engine Initiated BigQuery Data Exfiltration
• Exfiltration: Agent Engine Initiated BigQuery Data Extraction
• Exfiltration: Agent Engine Initiated Cloud SQL Exfiltration
• Initial Access: Agent Engine Identity Excessive Permission Denied Actions
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
• Privilege Escalation: Agent Engine Suspicious Token Generation (signJwt)

A seguir

• Saiba mais sobre a Detecção de ameaças a eventos.
• Saiba mais sobre a Agent Engine Threat Detection.
• Saiba como responder a descobertas de ameaças de IA.
• Consulte Índice de descobertas de ameaças.