T1588.007 Elastic Security · Elastic

Detect Artificial Intelligence in Elastic Security

Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting Reconnaissance, creating basic scripts, assisting social engineering, and developing payloads. By utilizing publicly available LLMs, adversaries effectively outsource or automate attack preparation tasks — drafting multilingual phishing content, accelerating vulnerability research, generating or refining malicious scripts, and producing AI-generated media (text, audio, images, video) for fraud and impersonation. Detection of this pre-compromise technique is challenging because AI tool access typically occurs on adversary-controlled infrastructure. Detectable signals pivot to: programmatic (non-browser) AI API access from corporate endpoints indicating possible insider threat or compromised workstation; large data uploads to AI services suggesting sensitive data exfiltration via prompt injection; and downstream behavioral indicators of AI-assisted tooling (unusually well-formed payloads, high-quality phishing lures, novel script obfuscation patterns).

MITRE ATT&CK

Tactic
Resource Development
Technique
T1588 Obtain Capabilities
Sub-technique
T1588.007 Artificial Intelligence
Canonical reference
https://attack.mitre.org/techniques/T1588/007/

Elastic Detection Query

Elastic Security (Elastic)
eql 
sequence by host.name, user.name with maxspan=5m
  [network where event.type == "connection" and
   (
     dns.question.name in ("api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com",
                           "api.cohere.ai", "api-inference.huggingface.co", "api.mistral.ai",
                           "api.together.xyz", "api.groq.com", "api.perplexity.ai",
                           "api.replicate.com", "api.stability.ai", "api.ai21.com")
     or network.destination.domain in ("api.openai.com", "api.anthropic.com",
                                       "generativelanguage.googleapis.com",
                                       "api.cohere.ai", "api-inference.huggingface.co",
                                       "api.mistral.ai", "api.together.xyz", "api.groq.com",
                                       "api.perplexity.ai", "api.replicate.com",
                                       "api.stability.ai", "api.ai21.com")
   ) and
   process.name in ("python.exe", "python3.exe", "python3", "python",
                    "powershell.exe", "pwsh.exe",
                    "cmd.exe", "wscript.exe", "cscript.exe",
                    "curl.exe", "curl", "wget.exe", "wget",
                    "node.exe", "node",
                    "mshta.exe", "regsvr32.exe", "rundll32.exe",
                    "wmic.exe", "msbuild.exe")]
  [network where event.type == "connection" and
   network.direction == "egress" and
   destination.port == 443]
medium severity medium confidence

Detects programmatic (non-browser) connections to known AI API service endpoints initiated by scripting runtimes, CLI tools, or LOLBins — indicating potential adversarial AI tool access from a corporate endpoint. Uses ECS network and process fields to correlate the initiating process with the outbound connection.

Data Sources

Elastic Endpoint SecurityElastic Network Packet CaptureAuditbeatWinlogbeat with Sysmon

Required Tables

logs-endpoint.events.network-*logs-endpoint.events.process-*packetbeat-*

False Positives & Tuning

  • Developers running LLM-integrated tools (Copilot CLI, local AI scripts) from workstations
  • IT automation scripts that query AI APIs for legitimate operational purposes (e.g., log summarization pipelines)
  • Security tools that use AI APIs for threat intelligence enrichment
  • Data science teams running Jupyter notebooks with API-integrated models
Download portable Sigma rule (.yml)

Other platforms for T1588.007

Microsoft Sentinel (KQL) Splunk (SPL) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 5 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Non-Browser AI API Access via PowerShell

    Expected signal: Sysmon Event ID 1: Process Create with Image=powershell.exe, CommandLine containing 'api.openai.com' and 'Invoke-WebRequest'. Sysmon Event ID 3: Network Connection to api.openai.com:443 (resolved IP) initiated by powershell.exe. Proxy log entry showing GET request to api.openai.com with non-browser User-Agent (WindowsPowerShell). Security Event ID 4688 if command line auditing enabled.

  2. Test 2AI SDK Installation and API Connection via Python

    Expected signal: Sysmon Event ID 11: File Create events for openai package files under %APPDATA%\Python\Python3X\site-packages\openai\. Sysmon Event ID 1: python.exe process with command line containing 'openai' and 'api_key'. Sysmon Event ID 3: Network connection from python.exe to api.openai.com:443. pip.exe process creation downloading from pypi.org.

  3. Test 3curl-Based AI API Simulation from Command Line

    Expected signal: Sysmon Event ID 1: curl.exe process creation with CommandLine containing 'api.openai.com', '-X POST', and the prompt content visible in the -d argument. Sysmon Event ID 3: Network connection from curl.exe to api.openai.com:443. Security Event ID 4688 with full command line if command line auditing enabled. Proxy logs showing POST to api.openai.com/v1/chat/completions with content-length from curl user agent.

  4. Test 4AI API Environment Variable Key Storage Detection

    Expected signal: Sysmon Event ID 1: powershell.exe process with CommandLine containing OPENAI_API_KEY environment variable assignment. Sysmon Event ID 3: Network connection to api.openai.com:443 from powershell.exe. PowerShell ScriptBlock Log Event ID 4104 capturing the full script including the API key value. Security Event ID 4688 with command line.

  5. Test 5Linux AI API Script Execution Simulation

    Expected signal: Auditd SYSCALL execve records for curl process with argv containing api.openai.com. Syslog/auth.log process execution context. Network connection event in auditd SOCKADDR records showing TCP connection to api.openai.com:443. If network monitoring enabled (Zeek/Suricata): HTTP/S SNI field showing api.openai.com in TLS ClientHello.

Last updated: 2026-04-13 Research depth: deep
References (9)

Unlock Pro Content

Get the full detection package for T1588.007 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Parent Technique

T1588Obtain Capabilities

Related Sub-techniques

T1588.001MalwareT1588.002ToolT1588.003Code Signing CertificatesT1588.004Digital CertificatesT1588.005ExploitsT1588.006Vulnerabilities

Related Techniques

T1588Obtain CapabilitiesT1566PhishingT1598Phishing for InformationT1587Develop CapabilitiesT1027Obfuscated Files or InformationT1656ImpersonationT1589Gather Victim Identity InformationT1591Gather Victim Org InformationT1583Acquire Infrastructure

Same Tactic: Resource Development

Popular Detections