AT

AttackTrace

Browse techniquesThreat activityBrowse ATLASSearch
ATLASAML.T0096
ATLAS index
AML.T0096

AI Service API

Adversaries may communicate using the API of an AI service on the victim's system. The adversary's commands to the victim system, and often the results, are embedded in the normal traffic of the AI service. An AI service API command and control channel is covert because the adversary's commands blend in with normal com

Framework
MITRE ATLAS
Maturity
Realized
Platforms
Predictive AI, Generative AI, Agentic AI
Release
2026.05

Overview

Adversaries may communicate using the API of an AI service on the victim's system. The adversary's commands to the victim system, and often the results, are embedded in the normal traffic of the AI service.

An AI service API command and control channel is covert because the adversary's commands blend in with normal communications, so an adversary may use this technique to avoid detection. Using existing infrastructure on the victim's system allows the adversary to live off the land, further reducing their footprint.

AI service APIs may be abused as C2 channels when an adversary wants to be stealthy and maintain long-term persistence for espionage activities SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog.

Sources

  1. MITRE ATLAS AML.T0096: AI Service API — MITRE
  2. SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog