Linux Agent Launching Mail Or Chat Clients
Detects AI agent runtimes spawning email or messaging applications (Thunderbird, Slack, Teams, Zoom), which may indicate the agent is attempting to communicate directly with humans to manipulate trust or request unauthorized approvals.
Updated Jan 10, 2025 · OCI AI Security Team
Problem Statement
An AI agent that can launch email and chat clients can send messages to humans that appear to come from the agent's user identity, requesting approvals, sharing credentials, or manipulating trust relationships. This extends the attack surface beyond the digital system into human decision-making.
Sample Logs
{"timestamp":"2025-01-10T11:20:00Z","computer_name":"oci-desktop-05","user":"agent_svc","image":"/usr/bin/slack","command_line":"slack --url slack://channel?message=URGENT+approval+needed","parent_image":"/usr/bin/python3"}Required Fields
False Positives
- ·Notification agents that legitimately send Slack or Teams messages via desktop application protocol handlers
Tuning Guidance
Review the command-line arguments for protocol handler URLs (slack://, mailto:) that contain message content. Alert on messages containing urgency keywords or approval requests.