AI Service API (AML.T0096)

Tactic: Command and Control
Maturity: realized
Reference: atlas.mitre.org/techniques/AML.T0096

Description

Adversaries may communicate using the API of an AI service on the victim’s system. The adversary’s commands to the victim system, and often the results, are embedded in the normal traffic of the AI service.

An AI service API command and control channel is covert because the adversary’s commands blend in with normal communications, so an adversary may use this technique to avoid detection. Using existing infrastructure on the victim’s system allows the adversary to live off the land, further reducing their footprint.

AI service APIs may be abused as C2 channels when an adversary wants to be stealthy and maintain long-term persistence for espionage activities [1].
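
A defender-side sketch of what the description implies for detection, added here as an example and not part of the ATLAS entry: since the destination is a legitimate AI service, the check keys on which process is calling it and how regular the calls are. The hostname, approved-client list, and log layout are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumptions (not from the page): the AI service hostname, the approved
# client list, and the log layout are constructed for illustration.
AI_API_HOSTS = {"api.ai-service.example"}
APPROVED_CLIENTS = {"chat-assistant.exe"}

# Constructed egress records: (epoch seconds, endpoint, process, destination)
SAMPLE_LOG = [
    (1000, "ws-01", "chat-assistant.exe", "api.ai-service.example"),
    (1047, "ws-01", "chat-assistant.exe", "api.ai-service.example"),
    (1420, "ws-01", "chat-assistant.exe", "api.ai-service.example"),
    (1000, "ws-02", "updater-helper.exe", "api.ai-service.example"),
    (1300, "ws-02", "updater-helper.exe", "api.ai-service.example"),
    (1601, "ws-02", "updater-helper.exe", "api.ai-service.example"),
    (1899, "ws-02", "updater-helper.exe", "api.ai-service.example"),
    (1200, "ws-02", "browser.exe", "intranet.corp.example"),
]


def review_ai_api_egress(records, max_jitter=0.1, min_events=4):
    """Report unapproved processes calling the AI API; mark periodic callers."""
    calls = defaultdict(list)
    for ts, endpoint, process, dest in records:
        if dest in AI_API_HOSTS:  # the destination alone looks normal
            calls[(endpoint, process)].append(ts)

    findings = []
    for (endpoint, process), stamps in sorted(calls.items()):
        if process in APPROVED_CLIENTS:
            continue  # expected AI client on this estate
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Periodic = enough calls and a low coefficient of variation in gaps.
        periodic = (
            bool(gaps)
            and len(stamps) >= min_events
            and mean(gaps) > 0
            and pstdev(gaps) / mean(gaps) < max_jitter
        )
        findings.append({"endpoint": endpoint, "process": process,
                         "calls": len(stamps), "periodic": periodic})
    return findings


if __name__ == "__main__":
    for finding in review_ai_api_egress(SAMPLE_LOG):
        print(finding)
```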

How GTK Cyber trains on this

GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the Command and Control tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.
