- Tactics
- Reconnaissance
- Maturity
- realized
- Reference
- atlas.mitre.org/techniques/AML.T0006
Description
An adversary may probe or scan the victim system to gather information for targeting. This is distinct from other reconnaissance techniques that do not involve direct interaction with the victim system.
Adversaries may scan for open ports on a potential victim’s network, which can indicate specific services or tools the victim is utilizing. This could include a scan for tools related to AI DevOps or AI services themselves such as public AI chat agents (ex: Copilot Studio Hunter). They can also send emails to organization service addresses and inspect the replies for indicators that an AI agent is managing the inbox.
Information gained from Active Scanning may yield targets that provide opportunities for other forms of reconnaissance such as Search Open Technical Databases, Search Open AI Vulnerability Analysis, or Gather RAG-Indexed Targets.
How GTK Cyber trains on this
GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the Reconnaissance tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.
Related techniques
- AML.T0000 — Search Open Technical Databases
- AML.T0001 — Search Open AI Vulnerability Analysis
- AML.T0003 — Search Victim-Owned Websites
- AML.T0004 — Search Application Repositories
- AML.T0064 — Gather RAG-Indexed Targets
- AML.T0087 — Gather Victim Identity Information
- AML.T0095 — Search Open Websites/Domains