Execution (6 techniques)
MITRE ATLAS tactic
The adversary is trying to run malicious code embedded in AI artifacts or software. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does [Remote System Discovery](https://attack.mitre.org/techniques/T1018/).
Techniques
- AML.T0011 — User Execution (Maturity: realized)
- AML.T0050 — Command and Scripting Interpreter (Maturity: demonstrated)
- AML.T0051 — LLM Prompt Injection (Maturity: realized)
- AML.T0053 — AI Agent Tool Invocation (Maturity: demonstrated)
- AML.T0100 — AI Agent Clickbait (Maturity: demonstrated)
- AML.T0103 — Deploy AI Agent (Maturity: realized)