T1588.007 Splunk · SPL

Detect Artificial Intelligence in Splunk

Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting Reconnaissance, creating basic scripts, assisting social engineering, and developing payloads. By utilizing publicly available LLMs, adversaries effectively outsource or automate attack preparation tasks — drafting multilingual phishing content, accelerating vulnerability research, generating or refining malicious scripts, and producing AI-generated media (text, audio, images, video) for fraud and impersonation. Detection of this pre-compromise technique is challenging because AI tool access typically occurs on adversary-controlled infrastructure. Detectable signals pivot to: programmatic (non-browser) AI API access from corporate endpoints indicating possible insider threat or compromised workstation; large data uploads to AI services suggesting sensitive data exfiltration via prompt injection; and downstream behavioral indicators of AI-assisted tooling (unusually well-formed payloads, high-quality phishing lures, novel script obfuscation patterns).

MITRE ATT&CK

Tactic
Resource Development
Technique
T1588 Obtain Capabilities
Sub-technique
T1588.007 Artificial Intelligence
Canonical reference
https://attack.mitre.org/techniques/T1588/007/

SPL Detection Query

Splunk (SPL)
spl 
index=proxy OR index=network sourcetype=proxy OR sourcetype="stream:http" OR sourcetype="cisco:wsa:squid"
    (dest_host="api.openai.com" OR dest_host="api.anthropic.com"
     OR dest_host="generativelanguage.googleapis.com"
     OR dest_host="api.cohere.ai" OR dest_host="api-inference.huggingface.co"
     OR dest_host="api.mistral.ai" OR dest_host="api.together.xyz"
     OR dest_host="api.groq.com" OR dest_host="api.perplexity.ai"
     OR dest_host="api.replicate.com" OR dest_host="api.stability.ai"
     OR dest_host="inference.azure.com")
| eval UserAgent=lower(coalesce(http_user_agent, cs_user_agent, "unknown"))
| eval IsBrowser=if(match(UserAgent, "(chrome/|firefox/|safari/|msie|trident/|edg/|opera/)"), 1, 0)
| where IsBrowser=0
| eval BytesUploaded=tonumber(coalesce(bytes_out, cs_bytes, "0"))
| eval IsAPIEndpoint=if(match(coalesce(uri_path, cs_uri_stem, ""), "^/(v1|v2|api|generate|chat|completions|embeddings|images|audio|models)"), 1, 0)
| eval Method=upper(coalesce(http_method, cs_method, "UNKNOWN"))
| eval IsPostRequest=if(Method="POST", 1, 0)
| eval LargePayload=if(BytesUploaded > 50000, 1, 0)
| eval SuspicionScore=IsAPIEndpoint + IsPostRequest + LargePayload
| stats count as Requests,
        sum(BytesUploaded) as TotalBytesUploaded,
        dc(src_ip) as UniqueSourceIPs,
        values(dest_host) as AIServices,
        values(uri_path) as EndpointPaths,
        values(UserAgent) as UserAgents,
        max(SuspicionScore) as MaxSuspicionScore
        by src_ip, user
| where Requests > 0 AND MaxSuspicionScore >= 1
| sort - TotalBytesUploaded
medium severity medium confidence

Detects non-browser programmatic access to known AI service API endpoints using proxy or HTTP stream logs. Filters out standard browser user agents to focus on scripted or automated access patterns. Computes a suspicion score based on API endpoint path patterns, POST request methods (indicating prompt submission), and large payload sizes (potentially indicating bulk data being submitted as AI prompts — a data exfiltration risk). Aggregates by source IP and user to identify accounts making repeated or high-volume AI API calls that bypass standard web interfaces.

Data Sources

Network Traffic: Network Connection CreationApplication Log: Application Log ContentWeb Proxy Logs

Required Sourcetypes

proxystream:httpcisco:wsa:squid

False Positives & Tuning

  • Developer or data science workflows using Python clients (openai SDK, anthropic SDK) for legitimate product development
  • Automated CI/CD test pipelines validating AI feature integrations with production API keys
  • Corporate-approved AI tools making backend API calls (Microsoft Copilot for M365, GitHub Copilot, JetBrains AI Assistant)
  • Security operations tooling that uses AI APIs for log summarization, alert triage, or threat intelligence enrichment
  • Chatbot or virtual assistant infrastructure running on internal servers that proxies employee queries to public AI APIs
Download portable Sigma rule (.yml)

Other platforms for T1588.007

Microsoft Sentinel (KQL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 5 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Non-Browser AI API Access via PowerShell

    Expected signal: Sysmon Event ID 1: Process Create with Image=powershell.exe, CommandLine containing 'api.openai.com' and 'Invoke-WebRequest'. Sysmon Event ID 3: Network Connection to api.openai.com:443 (resolved IP) initiated by powershell.exe. Proxy log entry showing GET request to api.openai.com with non-browser User-Agent (WindowsPowerShell). Security Event ID 4688 if command line auditing enabled.

  2. Test 2AI SDK Installation and API Connection via Python

    Expected signal: Sysmon Event ID 11: File Create events for openai package files under %APPDATA%\Python\Python3X\site-packages\openai\. Sysmon Event ID 1: python.exe process with command line containing 'openai' and 'api_key'. Sysmon Event ID 3: Network connection from python.exe to api.openai.com:443. pip.exe process creation downloading from pypi.org.

  3. Test 3curl-Based AI API Simulation from Command Line

    Expected signal: Sysmon Event ID 1: curl.exe process creation with CommandLine containing 'api.openai.com', '-X POST', and the prompt content visible in the -d argument. Sysmon Event ID 3: Network connection from curl.exe to api.openai.com:443. Security Event ID 4688 with full command line if command line auditing enabled. Proxy logs showing POST to api.openai.com/v1/chat/completions with content-length from curl user agent.

  4. Test 4AI API Environment Variable Key Storage Detection

    Expected signal: Sysmon Event ID 1: powershell.exe process with CommandLine containing OPENAI_API_KEY environment variable assignment. Sysmon Event ID 3: Network connection to api.openai.com:443 from powershell.exe. PowerShell ScriptBlock Log Event ID 4104 capturing the full script including the API key value. Security Event ID 4688 with command line.

  5. Test 5Linux AI API Script Execution Simulation

    Expected signal: Auditd SYSCALL execve records for curl process with argv containing api.openai.com. Syslog/auth.log process execution context. Network connection event in auditd SOCKADDR records showing TCP connection to api.openai.com:443. If network monitoring enabled (Zeek/Suricata): HTTP/S SNI field showing api.openai.com in TLS ClientHello.

Last updated: 2026-04-13 Research depth: deep
References (9)

Unlock Pro Content

Get the full detection package for T1588.007 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Parent Technique

T1588Obtain Capabilities

Related Sub-techniques

T1588.001MalwareT1588.002ToolT1588.003Code Signing CertificatesT1588.004Digital CertificatesT1588.005ExploitsT1588.006Vulnerabilities

Related Techniques

T1588Obtain CapabilitiesT1566PhishingT1598Phishing for InformationT1587Develop CapabilitiesT1027Obfuscated Files or InformationT1656ImpersonationT1589Gather Victim Identity InformationT1591Gather Victim Org InformationT1583Acquire Infrastructure

Same Tactic: Resource Development

Popular Detections