AI Agent (AML.T0108)

Tactic: Command and Control

Tactics
Command and Control
Maturity
demonstrated
Reference
atlas.mitre.org/techniques/AML.T0108

Description

Adversaries may abuse AI agents present on the victim’s system for command and control. AI agents are often granted access to tools that can execute shell commands, reach out to the internet, and interact with other services in the victim’s environment, making them capable C2 agents.

The adversary may modify the behavior of an AI agent for C2 via LLM Prompt Injection and rely on the agent’s ability to invoke tools to retrieve and execute the adversary’s commands. They may maintain persistent control of an agent via Modify AI Agent Configuration or AI Agent Context Poisoning. They may instruct the agent to not report their actions to the user in an attempt to remain covert.

How GTK Cyber trains on this

GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the Command and Control tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.

View AI security courses →

Related techniques

Train your team on real adversarial-AI attacks.

GTK Cyber's AI red teaming courses are taught by practitioners who break models for a living.

View AI Security Courses