Detect Artificial Intelligence in Sumo Logic CSE
Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting Reconnaissance, creating basic scripts, assisting social engineering, and developing payloads. By utilizing publicly available LLMs, adversaries effectively outsource or automate attack preparation tasks — drafting multilingual phishing content, accelerating vulnerability research, generating or refining malicious scripts, and producing AI-generated media (text, audio, images, video) for fraud and impersonation. Detection of this pre-compromise technique is challenging because AI tool access typically occurs on adversary-controlled infrastructure. Detectable signals pivot to: programmatic (non-browser) AI API access from corporate endpoints indicating possible insider threat or compromised workstation; large data uploads to AI services suggesting sensitive data exfiltration via prompt injection; and downstream behavioral indicators of AI-assisted tooling (unusually well-formed payloads, high-quality phishing lures, novel script obfuscation patterns).
MITRE ATT&CK
- Tactic
- Resource Development
- Technique
- T1588 Obtain Capabilities
- Sub-technique
- T1588.007 Artificial Intelligence
- Canonical reference
- https://attack.mitre.org/techniques/T1588/007/
Sumo Detection Query
(_sourceCategory=proxy OR _sourceCategory=network/proxy OR _sourceCategory=bluecoat OR _sourceCategory=squid)
| where dest_host matches "api.openai.com" or dest_host matches "api.anthropic.com"
or dest_host matches "generativelanguage.googleapis.com"
or dest_host matches "api.cohere.ai" or dest_host matches "api-inference.huggingface.co"
or dest_host matches "api.mistral.ai" or dest_host matches "api.together.xyz"
or dest_host matches "api.groq.com" or dest_host matches "api.perplexity.ai"
or dest_host matches "api.replicate.com" or dest_host matches "api.stability.ai"
or dest_host matches "api.ai21.com" or dest_host matches "inference.azure.com"
| parse field=http_user_agent "*" as raw_ua nodrop
| parse field=cs_user_agent "*" as raw_ua2 nodrop
| if (isEmpty(raw_ua), raw_ua2, raw_ua) as user_agent
| toLowerCase(user_agent) as ua_lower
| if (ua_lower matches "*(chrome/|firefox/|safari/|edg/|msie|trident/|opera/)*/i", 1, 0) as is_browser
| where is_browser = 0
| parse field=uri_path "*" as endpoint nodrop
| parse field=cs_uri_stem "*" as endpoint2 nodrop
| if (isEmpty(endpoint), endpoint2, endpoint) as api_path
| if (api_path matches "*/(v1|v2|api|chat|completions|embeddings|images|audio|generate|models)*", 1, 0) as is_api_endpoint
| num(coalesce(bytes_out, cs_bytes, "0")) as bytes_uploaded
| if (bytes_uploaded > 50000, 1, 0) as large_payload
| toUpperCase(coalesce(http_method, cs_method, "UNKNOWN")) as http_method
| if (http_method = "POST", 1, 0) as is_post
| is_api_endpoint + is_post + large_payload as suspicion_score
| where suspicion_score >= 1
| stats count as requests,
sum(bytes_uploaded) as total_bytes_uploaded,
min(_messageTime) as first_seen,
max(_messageTime) as last_seen,
values(dest_host) as ai_services,
values(api_path) as endpoint_paths,
values(user_agent) as user_agents,
max(suspicion_score) as max_suspicion_score
by src_ip, user
| sort by total_bytes_uploaded descDetects non-browser HTTP/HTTPS requests to known AI API endpoints using proxy and web gateway log sources. Scores each source IP and user combination by API endpoint usage, POST method, and large upload volume to surface likely programmatic AI API access and potential data exfiltration via prompt injection.
Data Sources
Required Tables
False Positives & Tuning
- CI/CD pipelines using AI APIs for automated code review or documentation generation
- Internal chatbot or copilot tools that proxy employee requests to AI APIs
- Security tooling that performs LLM-based alert triage
- Developer laptops running AI-integrated IDEs where the user agent is a custom plugin rather than a browser
Other platforms for T1588.007
Testing Methodology
Validate this detection against 5 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1Non-Browser AI API Access via PowerShell
Expected signal: Sysmon Event ID 1: Process Create with Image=powershell.exe, CommandLine containing 'api.openai.com' and 'Invoke-WebRequest'. Sysmon Event ID 3: Network Connection to api.openai.com:443 (resolved IP) initiated by powershell.exe. Proxy log entry showing GET request to api.openai.com with non-browser User-Agent (WindowsPowerShell). Security Event ID 4688 if command line auditing enabled.
- Test 2AI SDK Installation and API Connection via Python
Expected signal: Sysmon Event ID 11: File Create events for openai package files under %APPDATA%\Python\Python3X\site-packages\openai\. Sysmon Event ID 1: python.exe process with command line containing 'openai' and 'api_key'. Sysmon Event ID 3: Network connection from python.exe to api.openai.com:443. pip.exe process creation downloading from pypi.org.
- Test 3curl-Based AI API Simulation from Command Line
Expected signal: Sysmon Event ID 1: curl.exe process creation with CommandLine containing 'api.openai.com', '-X POST', and the prompt content visible in the -d argument. Sysmon Event ID 3: Network connection from curl.exe to api.openai.com:443. Security Event ID 4688 with full command line if command line auditing enabled. Proxy logs showing POST to api.openai.com/v1/chat/completions with content-length from curl user agent.
- Test 4AI API Environment Variable Key Storage Detection
Expected signal: Sysmon Event ID 1: powershell.exe process with CommandLine containing OPENAI_API_KEY environment variable assignment. Sysmon Event ID 3: Network connection to api.openai.com:443 from powershell.exe. PowerShell ScriptBlock Log Event ID 4104 capturing the full script including the API key value. Security Event ID 4688 with command line.
- Test 5Linux AI API Script Execution Simulation
Expected signal: Auditd SYSCALL execve records for curl process with argv containing api.openai.com. Syslog/auth.log process execution context. Network connection event in auditd SOCKADDR records showing TCP connection to api.openai.com:443. If network monitoring enabled (Zeek/Suricata): HTTP/S SNI field showing api.openai.com in TLS ClientHello.
References (9)
- https://attack.mitre.org/techniques/T1588/007/
- https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
- https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/
- https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks
- https://www.ic3.gov/PSA/2024/PSA241203
- https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
- https://go.recordedfuture.com/hubfs/reports/cta-2025-0212.pdf
- https://learn.microsoft.com/en-us/defender-endpoint/advanced-hunting-devicenetworkevents-table
- https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/CommonStatsFunctions
Unlock Pro Content
Get the full detection package for T1588.007 including response playbook, investigation guide, and atomic red team tests.