AI 威脅發現項目

Security Command Center 內建一般 AI 相關威脅的偵測工具，以及專為部署至 Vertex AI Agent Engine Runtime 的 AI 代理設計的偵測工具。

一般 AI 威脅

Event Threat Detection 提供下列以記錄檔為基礎的偵測功能：

• Initial Access: Dormant Service Account Activity in AI Service
• Persistence: New AI API Method
• Persistence: New Geography for AI Service
• Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access

部署至 Vertex AI Agent Engine 執行階段的代理所面臨的威脅

Security Command Center 會對部署至 Vertex AI Agent Engine 執行階段的 AI 代理執行執行階段和控制層監控。

執行階段發現項目類型

Agent Engine Threat Detection 提供下列執行階段偵測功能：

• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python Executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Malicious Script Executed
• Malicious URL Observed
• Reverse Shell
• Unexpected Child Shell

控制層發現項目類型

Event Threat Detection 提供下列控制層偵測功能：

• Credential Access: AI Agent Anomalous Access to Metadata Service
• Discovery: AI Agent Service Account Self-Investigation
• Discovery: AI Agent Unauthorized Service Account API Call
• Discovery: Evidence of Port Scanning from AI Agent
• Exfiltration: AI Agent Initiated BigQuery Data Exfiltration to External Table
• Exfiltration: AI Agent Initiated BigQuery Data Extraction
• Exfiltration: AI Agent Initiated BigQuery VPC Perimeter Violation
• Exfiltration: AI Agent Initiated CloudSQL Exfiltration to External Bucket
• Exfiltration: AI Agent Initiated CloudSQL Exfiltration to Public Bucket
• Initial Access: AI Agent Identity Excessive Permission Denied Actions
• Privilege Escalation: AI Agent Suspicious Cross-Project Access Token Generation
• Privilege Escalation: AI Agent Suspicious Cross-Project OpenID Token Generation
• Privilege Escalation: AI Agent Suspicious Token Generation Using Implicit Delegation
• Privilege Escalation: AI Agent Suspicious Token Generation Using signJwt

後續步驟

• 瞭解 Event Threat Detection。
• 瞭解 Agent Engine Threat Detection。
• 瞭解如何回應 AI 威脅發現結果。
• 請參閱威脅發現項目索引。