AI 威脅發現項目

Security Command Center 內建一般 AI 相關威脅的偵測工具，以及專為部署至 Vertex AI Agent Engine 執行階段的 AI 代理設計的偵測工具。

一般 AI 威脅

Event Threat Detection 提供下列以記錄為基礎的偵測功能：

• Initial Access: Dormant Service Account Activity in AI Service
• Persistence: New AI API Method
• Persistence: New Geography for AI Service
• Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access

部署至 Vertex AI Agent Engine 執行階段的代理所面臨的威脅

Security Command Center 會對部署至 Vertex AI Agent Engine 執行階段的 AI 代理執行執行階段和控制平面監控。

執行階段發現項目類型

Agent Engine Threat Detection 提供下列執行階段偵測功能：

• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python Executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Malicious Script Executed
• Malicious URL Observed
• Reverse Shell
• Unexpected Child Shell

控制層發現項目類型

Event Threat Detection 可偵測下列控制層：

• Credential Access: Agent Engine Anomalous Access to Metadata Service
• Discovery: Agent Engine Evidence of Port Scanning
• Discovery: Agent Engine Service Account Self-Investigation
• Discovery: Agent Engine Unauthorized Service Account API Call
• Exfiltration: Agent Engine Initiated BigQuery Data Exfiltration
• Exfiltration: Agent Engine Initiated BigQuery Data Extraction
• Exfiltration: Agent Engine Initiated Cloud SQL Exfiltration
• Initial Access: Agent Engine Identity Excessive Permission Denied Actions
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)
• Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
• Privilege Escalation: Agent Engine Suspicious Token Generation (signJwt)

後續步驟

• 瞭解 Event Threat Detection。
• 瞭解 Agent Engine Threat Detection。
• 瞭解如何回應 AI 威脅發現結果。
• 請參閱威脅發現項目索引。