Detection Library
medium · experimental · Linux · OCI · Network · T1071.001
Linux Agent Connecting To Non-OCI External Destination
Detects AI agent processes establishing network connections to external destinations outside the expected OCI network space, which may indicate exfiltration, C2 communication, or prompt-injection-driven outbound calls.
Updated Jan 10, 2025 · OCI AI Security Team
agentic-ai · network-connection · exfiltration · linux · oci · owasp-asi01
Problem Statement
AI agents should only communicate with pre-approved endpoints defined in their configuration. Unexpected external connections may indicate the agent has been redirected by a prompt injection attack or is exfiltrating data collected during task execution.
Sample Logs
{"timestamp":"2025-01-10T09:45:22Z","computer_name":"oci-agent-02","user":"agent_svc","image":"/usr/bin/python3","command_line":"python3 /opt/agent/main.py","destination_ip":"198.51.100.45","destination_hostname":"c2-server.example.com","destination_port":443,"initiated":true}Required Fields
image
command_line
destination_ip
destination_hostname
destination_port
user
computer_name
False Positives
- Agents legitimately calling external AI APIs (OpenAI, Anthropic, etc.) for inference
- Package update checks to PyPI or npm registries
- Legitimate webhook callbacks to external monitoring or alerting services
Tuning Guidance
Maintain an allowlist of approved external domains and IPs (e.g., known AI API endpoints, OCI service endpoints). Alert only on connections to uncategorized or newly observed destinations.
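One way to apply this tuning guidance to events shaped like the sample log, as an added example that is not part of the original rule. The allowlist entries, the VCN CIDR, the choice of `agent_svc` as the agent account, and every sample event except the first are assumptions made for illustration.

```python
import ipaddress
import json

# Assumed allowlist for illustration; populate from the agent's approved endpoint configuration.
APPROVED_DOMAINS = {"oraclecloud.com", "api.openai.com", "api.anthropic.com", "pypi.org"}
APPROVED_NETWORKS = [ipaddress.ip_network("10.0.0.0/16")]  # constructed VCN CIDR
AGENT_USERS = {"agent_svc"}  # service account seen in the page's sample log
ALERT_FIELDS = ("computer_name", "user", "image", "command_line",
                "destination_ip", "destination_hostname", "destination_port")

def domain_approved(hostname):
    """Exact or dot-anchored suffix match; substring matching would accept lookalikes."""
    host = (hostname or "").rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in APPROVED_DOMAINS)

def ip_approved(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a missing or malformed IP is never treated as approved
    return any(addr in net for net in APPROVED_NETWORKS)

def evaluate(event):
    """Return the alert fields for an unapproved outbound agent connection, else None."""
    if not event.get("initiated") or event.get("user") not in AGENT_USERS:
        return None  # inbound traffic or a non-agent account is out of scope
    if domain_approved(event.get("destination_hostname")) or ip_approved(event.get("destination_ip")):
        return None
    return {field: event.get(field) for field in ALERT_FIELDS}

def scan(lines):
    """Evaluate JSON-lines events and collect the alerts."""
    return [a for a in (evaluate(json.loads(l)) for l in lines if l.strip()) if a]

# First event is the page's sample log; the rest are constructed for this example.
SAMPLE_EVENTS = [
    '{"timestamp":"2025-01-10T09:45:22Z","computer_name":"oci-agent-02","user":"agent_svc","image":"/usr/bin/python3","command_line":"python3 /opt/agent/main.py","destination_ip":"198.51.100.45","destination_hostname":"c2-server.example.com","destination_port":443,"initiated":true}',
    '{"computer_name":"oci-agent-02","user":"agent_svc","image":"/usr/bin/python3","command_line":"python3 /opt/agent/main.py","destination_ip":"203.0.113.10","destination_hostname":"api.openai.com","destination_port":443,"initiated":true}',
    '{"computer_name":"oci-agent-02","user":"agent_svc","image":"/usr/bin/python3","command_line":"python3 /opt/agent/main.py","destination_ip":"203.0.113.77","destination_hostname":"oraclecloud.com.example.net","destination_port":443,"initiated":true}',
    '{"computer_name":"oci-agent-02","user":"agent_svc","image":"/usr/bin/python3","command_line":"python3 /opt/agent/main.py","destination_ip":"10.0.4.12","destination_hostname":"","destination_port":8443,"initiated":true}',
    '{"computer_name":"oci-agent-02","user":"root","image":"/usr/bin/curl","command_line":"curl https://example.org","destination_ip":"192.0.2.9","destination_hostname":"example.org","destination_port":443,"initiated":true}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(json.dumps(alert))
```
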