Detection Library
medium · experimental · Linux · AI/ML · Network · T1048.002
LLM Service Outbound Connection To Non-OCI Object Storage
Detects LLM service processes connecting to object storage endpoints (S3, Azure Blob, GCS) outside the OCI baseline. This pattern indicates potential exfiltration of sensitive model outputs, training data, or credentials to external cloud storage.
Updated Jan 15, 2025 · Detection Engineering Team
llm · exfiltration · linux · network · owasp-llm02
Problem Statement
Connections from LLM processes to non-OCI object storage endpoints suggest data is being exfiltrated to attacker-controlled or unintended cloud storage, potentially including model weights, training data, or harvested credentials.
Sample Logs
{"timestamp":"2025-01-15T19:30:44Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/output_handler.py","destination_hostname":"exfil-bucket.s3.amazonaws.com","destination_ip":"52.216.8.11","destination_port":443}
Required Fields
image
destination_hostname
destination_ip
user
computer_name
False Positives
- LLM services with approved multi-cloud data pipelines writing outputs to AWS S3 or Azure Blob
Tuning Guidance
Maintain an explicit allowlist of approved external object storage endpoints. Any destination outside this list should alert.
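The matching and allowlist logic described above, run over sample events, as an added example that is not the library's own rule. It assumes LLM services are identified by the `/opt/llm/` install path seen in the sample log; the allowlist entry and every event except the first are constructed.

```python
import json
import re

# Hostname shapes for the providers the rule names: S3, Azure Blob, GCS.
# OCI Object Storage (objectstorage.<region>.oraclecloud.com) never matches.
EXTERNAL_STORAGE = re.compile(
    r"(^|\.)s3([.-][a-z0-9-]+)*\.amazonaws\.com$"
    r"|\.blob\.core\.windows\.net$"
    r"|(^|\.)storage\.googleapis\.com$"
)
# Assumption: LLM service processes live under this path (taken from the sample log).
LLM_IMAGE_PREFIX = "/opt/llm/"
# Constructed allowlist of approved external endpoints (exact hostnames only).
APPROVED = {"approved-outputs.blob.core.windows.net"}


def classify(event, approved=APPROVED):
    """Return 'alert', 'allowlisted' or 'ignore' for one connection event."""
    if not str(event.get("image", "")).startswith(LLM_IMAGE_PREFIX):
        return "ignore"  # not an LLM service process
    # Normalise case and a trailing root dot so trivial variants still match.
    host = str(event.get("destination_hostname") or "").lower().rstrip(".")
    if not EXTERNAL_STORAGE.search(host):
        return "ignore"  # OCI baseline or not an object storage endpoint
    return "allowlisted" if host in approved else "alert"


# The first event is the page's sample log; the rest are constructed.
SAMPLE_EVENTS = [
    '{"timestamp":"2025-01-15T19:30:44Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/output_handler.py","destination_hostname":"exfil-bucket.s3.amazonaws.com","destination_ip":"52.216.8.11","destination_port":443}',
    '{"image":"/opt/llm/app/output_handler.py","destination_hostname":"objectstorage.us-ashburn-1.oraclecloud.com"}',
    '{"image":"/opt/llm/app/output_handler.py","destination_hostname":"approved-outputs.blob.core.windows.net"}',
    '{"image":"/usr/bin/curl","destination_hostname":"storage.googleapis.com"}',
    '{"image":"/opt/llm/app/output_handler.py","destination_hostname":"Exfil.Storage.GoogleAPIs.com."}',
]


def run(lines=SAMPLE_EVENTS):
    """Classify each JSON log line and return the verdicts in order."""
    return [classify(json.loads(line)) for line in lines]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_EVENTS, run()):
        print(verdict, json.loads(line)["destination_hostname"])
```

Exact-hostname allowlisting keeps an approved bucket from implicitly approving every other bucket on the same provider domain.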