AI Service Proxies (AML.T0008.005)

Maturity
realized
Reference
atlas.mitre.org/techniques/AML.T0008.005

Description

Adversaries may utilize commercial proxy services that resell access to AI services such as frontier model APIs.

This infrastructure can be used to conduct large-scale campaigns to perform Exfiltration via AI Inference API via distillation. Adversaries may also use this infrastructure to Generate Malicious Commands for offensive cyber operations, or to generate content for Spearphishing via Social Engineering LLM.

Commercial AI service proxies distribute traffic from different accounts and various cloud platforms. The mix of traffic can make malicious activity difficult to detect and block [1].

Malicious actors conduct LLM Jacking attacks to gain access to victim accounts which they resell access to in their proxy services [2].

How GTK Cyber trains on this

GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the relevant tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.

View AI security courses →

Train your team on real adversarial-AI attacks.

GTK Cyber's AI red teaming courses are taught by practitioners who break models for a living.

View AI Security Courses