Detection Library
Detection Knowledge Base
Searchable library of production-grade detections with full logic, tuning guidance, and deployment notes.
60 detections
Suspicious PowerShell Encoded Command Execution
Severity: high. Detects execution of PowerShell with base64-encoded commands, commonly used by attackers to obfuscate malicious payloads.

LSASS Memory Dump via Task Manager or ProcDump
Severity: critical. Detects attempts to dump LSASS process memory for credential harvesting using common tools.

AWS CloudTrail — Suspicious IAM Policy Attachment
Severity: high. Detects when overly permissive IAM policies (AdministratorAccess, FullAccess) are attached to roles or users.

LLM Prompt Injection via API Gateway Logs
Severity: high. Detects potential prompt injection attacks targeting LLM-backed API endpoints by identifying known injection patterns in request bodies.

Lateral Movement via WMI Remote Execution
Severity: high. Detects remote WMI execution commonly used for lateral movement, persistence, and command execution across network hosts.

OCI Object Storage Mass Download — Data Exfiltration
Severity: high. Detects bulk GetObject requests against OCI Object Storage buckets, indicating potential data exfiltration via the OCI API or console.

OCI IAM Policy Change by Non-Admin Principal
Severity: critical. Detects creation, modification, or deletion of OCI IAM policies by principals that are not designated IAM administrators.

OCI API Key Created for Existing User — Credential Persistence
Severity: high. Detects creation of new API keys for existing IAM users, a common persistence mechanism after initial compromise.

OCI Console Login from New Country or Tor Exit Node
Severity: high. Detects OCI console sign-in events originating from a country not previously seen for the user, or from known Tor exit node IP ranges.

OCI Cross-Compartment Resource Access Anomaly
Severity: medium. Detects a principal accessing resources in compartments outside their normal operational scope, indicating potential lateral movement or policy misconfiguration exploitation.

AI Agent Spawning Shell Interpreter
Severity: high. Detects AI agent runtimes (Python, Node) spawning interactive shell interpreters — a strong indicator of agent goal hijacking, prompt injection leading to code execution, or unsafe tool invocation.

Linux Agent Connecting To Non-OCI External Destination
Severity: medium. Detects AI agent processes establishing network connections to external destinations outside the expected OCI network space, which may indicate exfiltration, C2 communication, or prompt-injection-driven outbound calls.

Linux Agent Accessing OCI CLI Config Or API Keys
Severity: high. Detects AI agent processes reading OCI CLI configuration files or API key material, which may indicate credential harvesting driven by goal hijacking or prompt injection.

Linux Agent Writing Temporary Execution Script
Severity: medium. Detects AI agent runtimes writing script files to temporary directories, a common pattern when an agent has been hijacked into generating and executing arbitrary code payloads.

Linux Agent Reading Browser Or Session Storage
Severity: high. Detects AI agent processes accessing browser profile directories or session storage files, which may indicate credential or token theft driven by a hijacked agent goal.

Linux Agent Spawning Curl Wget Or Netcat
Severity: high. Detects AI agent runtimes spawning network utility tools such as curl, wget, or netcat, indicating potential data exfiltration, payload download, or reverse shell establishment driven by tool misuse or prompt injection.

Linux Agent Invoking OCI CLI With Destructive Verbs
Severity: high. Detects AI agent processes executing OCI CLI commands with destructive action verbs (delete, terminate, disable, purge), indicating potential misuse of cloud management tools to destroy infrastructure or data.

Linux Agent Compressing User Data
Severity: medium. Detects AI agent runtimes spawning archive utilities (tar, zip, gzip), which may indicate data staging prior to exfiltration, a common tool misuse pattern in AI agent attacks.

Linux Agent Modifying Hosts File
Severity: high. Detects AI agent processes writing to /etc/hosts, which could redirect DNS resolution to attacker-controlled infrastructure or disable security tool connectivity.

Linux Agent Invoking SSH Or SFTP
Severity: high. Detects AI agent runtimes spawning SSH or SFTP processes, which may indicate lateral movement, unauthorized remote code execution, or data exfiltration via encrypted channels.

Linux Agent Accessing OCI Security Token Or API Material
Severity: high. Detects AI agent processes reading OCI session tokens, security credentials, or API key files, indicating potential identity theft or privilege escalation driven by an agent operating outside its authorized scope.

Linux Agent Reading SSH Private Keys
Severity: high. Detects AI agent processes accessing SSH private key files, which could enable unauthorized lateral movement to other hosts in the OCI environment.

Linux Agent Invoking Sudo Or Su
Severity: high. Detects AI agent runtimes executing sudo or su to escalate privileges, a strong indicator that the agent is attempting to gain root access beyond its intended operational scope.

Linux Agent Reading Cloud Credentials Beyond OCI
Severity: high. Detects AI agent processes accessing credential files for cloud providers other than OCI (AWS, Azure, GCP), which may indicate multi-cloud credential harvesting.

Linux Agent Invoking Credential Enumeration Commands
Severity: medium. Detects AI agent processes running commands associated with credential discovery and enumeration (env, printenv, id, whoami, getent), which may indicate an agent performing reconnaissance on its execution environment.

Linux Agent Installing Packages From Non-Approved Repositories
Severity: medium. Detects AI agent processes establishing network connections to package repository hosts other than approved mirrors, indicating potential supply chain compromise via installation of malicious packages.

Linux Agent Writing Tool Plugin Or MCP Artifacts
Severity: medium. Detects AI agent processes writing files to known tool plugin or MCP (Model Context Protocol) directories, which may indicate unauthorized modification of the agent's tool set or injection of malicious tool definitions.

Linux Agent Executing From Site-Packages Node Modules Or Temporary Paths
Severity: medium. Detects AI agent activity originating from Python site-packages, node_modules, or temporary directories, indicating potential execution of recently installed or dropped malicious packages.

Linux Agent Connecting To Unapproved MCP Or Tool Endpoints
Severity: high. Detects AI agent processes connecting to MCP server ports or tool endpoint addresses that are not in the approved configuration, which may indicate tool hijacking or connection to a rogue MCP server.

Linux Agent Modifying Dependency Or Runtime Configuration
Severity: medium. Detects AI agent processes modifying Python or Node.js dependency configuration files (requirements.txt, package.json, pip.conf), which could be used to introduce malicious dependencies or redirect package sources.

Linux Agent Executing From Temporary Or Shared Memory Paths
Severity: high. Detects AI agent runtimes spawning processes from temporary or shared memory paths (/tmp, /dev/shm), indicating execution of dynamically dropped payloads — a hallmark of fileless malware or prompt-injection-driven code execution.

Linux Agent Launching Inline Shell Or Interpreter Commands
Severity: high. Detects AI agent runtimes passing inline code (-c flag) to shell or interpreter commands, which is commonly used to execute injected or dynamically generated payloads without writing files to disk.

Linux Agent Dropping And Launching Executable Content
Severity: high. Detects AI agent processes writing executable files (binaries, scripts with execute permissions) to disk, which is the dropper stage of an agent-mediated malware delivery attack.

Linux Agent Invoking Perl Ruby Or PHP Interpreters
Severity: medium. Detects AI agent runtimes spawning alternative scripting interpreters (Perl, Ruby, PHP), which may indicate execution of code in a language chosen to evade Python/Node-centric detection rules.

Linux Agent Running User Downloaded Scripts
Severity: medium. Detects AI agent processes executing scripts located in user download directories, which may indicate execution of malicious content retrieved from the internet as part of a hijacked agent task.

Linux Agent Modifying Local Memory Or Context Stores
Severity: medium. Detects AI agent processes writing to local vector store or memory database files, which may indicate an agent poisoning its own context memory to influence future behavior.

Linux Agent Overwriting Prompt Template Or System Instruction Files
Severity: high. Detects AI agent processes modifying prompt template files or system instruction configurations, which represents a direct attempt to alter the agent's core behavioral guidelines.

Linux Agent Ingesting Context From Downloaded Files
Severity: medium. Detects AI agent processes reading files from download directories that may contain adversarial content designed to poison the agent's context window via indirect prompt injection.

Linux Agent Modifying Vector Database Files
Severity: medium. Detects AI agent processes directly modifying vector database files used for RAG (Retrieval Augmented Generation) memory, which may indicate deliberate poisoning of the agent's knowledge retrieval layer.

Linux Agent Writing Retrieved Web Content Into Memory Stores
Severity: low. Detects AI agent processes writing fetched web content directly into memory or context store directories, which may indicate that content containing indirect prompt injection instructions is being persisted in agent memory.

Linux Agent Connecting To Localhost Tooling Services
Severity: low. Detects AI agent processes establishing connections to localhost on common tooling and inter-agent communication ports, which may indicate unmonitored agent-to-tool or agent-to-agent communication channels.

Linux Agent Opening Listener Port
Severity: medium. Detects AI agent processes binding to network ports as a listener, which may indicate the agent has established an unauthorized service endpoint for receiving commands or relaying inter-agent communication.

Linux Agent Connecting To Peer Workstation Style Ports
Severity: medium. Detects AI agent processes connecting to ports commonly used for inter-agent or peer-to-peer communication (including Docker daemon ports), which may indicate unauthorized agent orchestration or container escape attempts.

Linux Agent Writing Shared Socket Or IPC Artifacts
Severity: low. Detects AI agent processes creating Unix socket files or named pipes that could be used as unmonitored inter-agent communication channels, bypassing network-layer security controls.

Linux Agent Invoking Queue Or Broker Clients
Severity: medium. Detects AI agent runtimes spawning message queue or broker client tools (kafka, rabbitmq, nats, mqtt, redis-cli), which may indicate unauthorized use of messaging infrastructure for inter-agent coordination or data exfiltration.

Linux Agent Excessive Child Process Burst (Seed Rule)
Severity: low. Baseline seed rule to detect AI agent runtimes spawning an unusual number of child processes in a short time window, which may indicate runaway agent loops, denial of service behavior, or cascading failure conditions.

Linux Agent Repeated External Connection (Seed Rule)
Severity: low. Baseline seed rule to detect AI agent processes making high-frequency repeated external network connections, which may indicate beaconing behavior, an infinite retry loop, or API hammering that causes cascading service failures.

Linux Agent Repeated Launch Of Browser Or Desktop Apps
Severity: medium. Detects AI agent runtimes repeatedly spawning browser or desktop application processes, indicating a potential runaway automation loop that may exhaust system resources or trigger cascading UI-automation failures.

Linux Agent Mass File Write (Seed Rule)
Severity: low. Baseline seed rule to detect AI agent processes writing an unusually large number of files in a short time window, which may indicate a runaway file generation loop, ransomware-like behavior, or uncontrolled data staging.

Linux Agent Recursive Self-Spawn
Severity: high. Detects AI agent Python or Node processes where both the parent and child process are the same interpreter binary, indicating recursive self-spawning that can rapidly exhaust process table limits and trigger cascading system failures.

Linux Agent Creating Approval Or Authorization Themed Files
Severity: medium. Detects AI agent processes creating files with names suggesting urgency, approval requests, or authorization actions, which may be an attempt to socially engineer human operators into approving malicious agent actions.

Linux Agent Launching Mail Or Chat Clients
Severity: medium. Detects AI agent runtimes spawning email or messaging applications (Thunderbird, Slack, Teams, Zoom), which may indicate the agent is attempting to communicate directly with humans to manipulate trust or request unauthorized approvals.

Linux Agent Opening Browser To OCI Console Or Identity Pages
Severity: medium. Detects AI agent processes launching browsers with URLs pointing to OCI console, identity, or authentication pages, which may indicate the agent is attempting to perform unauthorized actions via the OCI web console.

Linux Agent Dropping User-Facing Scripts On Desktop
Severity: high. Detects AI agent processes creating script files (.sh, .desktop, .url, .py) in user Desktop directories, which may represent an attempt to trick users into executing malicious scripts by placing them in a visible, trusted location.

Linux Agent Launching Remote Support Or Meeting Tools
Severity: medium. Detects AI agent runtimes spawning remote support or meeting applications (Teams, Zoom, AnyDesk, TeamViewer), which may indicate the agent is attempting to establish unauthorized remote access or manipulate a human into sharing screen access.

Linux Agent Creating Launch Agent Or Cron Persistence
Severity: critical. Detects AI agent processes writing files to persistence-related paths (cron directories, systemd unit directories, autostart), indicating an attempt to establish persistent code execution that survives reboots and agent restarts.

Linux Agent Writing Shell Startup Persistence
Severity: high. Detects AI agent processes modifying shell initialization files (.bashrc, .profile, .zshrc, .bash_profile), which can be used to execute malicious code whenever a user or automated process opens a new shell session.

Linux Agent Periodic External Beacon (Seed Rule)
Severity: low. Baseline seed rule to detect AI agent processes making periodic external connections at regular intervals, which is the characteristic pattern of a C2 beacon from a rogue agent maintaining contact with attacker infrastructure.

Linux Agent Copying Itself Into Hidden Or Support Paths
Severity: high. Detects AI agent processes writing executable files (.sh, .py, .bin, .service) to hidden directories or common persistence staging paths, which indicates the agent is replicating itself to establish alternative execution points.

Linux Agent Attempting To Disable Security Controls
Severity: critical. Detects AI agent processes executing commands that disable security software (Falcon sensor), clear firewall rules, or disable host-based firewalls — the highest-severity indicator of a fully rogue agent actively attempting to remove its detection surface.