highexperimentalLinuxAI/MLT1552.001

LLM Service Accessing Environment Secrets Files

Detects LLM service processes reading .env or .netrc files that commonly contain application secrets, API keys, and passwords. This access pattern suggests the model or an injected prompt is attempting to harvest secrets.

Updated Jan 15, 2025 · Detection Engineering Team

llmcredential-accesslinuxsecretsowasp-llm02

Problem Statement

.env files often contain database credentials, API keys, and service tokens. An LLM process accessing these files outside of initialisation is a strong indicator of secrets harvesting.

Sample Logs

{"timestamp":"2025-01-15T15:44:31Z","computer_name":"llm-host-03","user":"llm_svc","image":"/opt/llm/app/inference.py","target_filename":"/opt/llm/app/.env.prod","access_type":"read"}

Required Fields

image

target_filename

user

computer_name

False Positives

·LLM service reading its own .env file during initialisation — expected on first start

Tuning Guidance

Exclude reads at process startup time (within 30s of service start). Alert on reads that occur during active request processing.