Security Command Center 內建一般 AI 相關威脅的偵測工具,以及專為部署至 Vertex AI Agent Engine Runtime 的 AI 代理設計的偵測工具。
一般 AI 威脅
Event Threat Detection 提供下列以記錄檔為基礎的偵測功能:
Initial Access: Dormant Service Account Activity in AI ServicePersistence: New AI API MethodPersistence: New Geography for AI ServicePrivilege Escalation: Anomalous Impersonation of Service Account for AI Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for AI Data AccessPrivilege Escalation: Anomalous Service Account Impersonator for AI Admin ActivityPrivilege Escalation: Anomalous Service Account Impersonator for AI Data Access
部署至 Vertex AI Agent Engine 執行階段的代理所面臨的威脅
Security Command Center 會對部署至 Vertex AI Agent Engine 執行階段的 AI 代理執行執行階段和控制平面監控。
執行階段發現項目類型
Agent Engine Threat Detection 提供下列執行階段偵測功能:
Execution: Added Malicious Binary ExecutedExecution: Added Malicious Library LoadedExecution: Built in Malicious Binary ExecutedExecution: Container EscapeExecution: Kubernetes Attack Tool ExecutionExecution: Local Reconnaissance Tool ExecutionExecution: Malicious Python ExecutedMalicious Script ExecutedMalicious URL ObservedExecution: Modified Malicious Binary ExecutedExecution: Modified Malicious Library LoadedReverse ShellUnexpected Child Shell
控制層發現項目類型
Event Threat Detection 提供下列控制層偵測功能:
Exfiltration: Agent Engine Initiated BigQuery Data ExtractionExfiltration: Agent Engine Initiated BigQuery Data ExfiltrationExfiltration: Agent Engine Initiated Cloud SQL ExfiltrationInitial Access: Agent Engine Identity Excessive Permission Denied ActionsDiscovery: Agent Engine Service Account Self-InvestigationPrivilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)