Detection Library
medium · experimental · Linux · AI/ML · T1547.001

LLM Host Modifying Package Or Dependency Configuration

Detects LLM service processes modifying Python or Node package configuration files (requirements.txt, pyproject.toml, package.json, etc.). Runtime modification of dependency configurations can redirect package resolution to attacker-controlled sources.

Updated Jan 15, 2025 · Detection Engineering Team

llm · persistence · linux · package-config · owasp-llm03

Problem Statement

Package and dependency configuration files define what code runs in the LLM environment. Runtime modification of these files by the LLM service itself indicates an attempt to inject malicious dependencies on the next package install or service restart.

Sample Logs

{"timestamp":"2025-01-15T12:10:05Z","computer_name":"llm-host-03","user":"llm_svc","image":"/opt/llm/app/setup_handler.py","target_filename":"/opt/llm/requirements.txt","event_type":"file_modify"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Automated dependency update pipelines running under the LLM service account

Tuning Guidance

Package configuration files should be immutable on production hosts. Any runtime write should alert regardless of source process.
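The rule's logic as an added Python example (not code from the detection library): it evaluates JSON events over the required fields, suppresses the allowlisted update pipeline from the False Positives section, and offers the immutable-host tuning above as a strict mode. The service account, install prefix, the extra file names beyond the three the rule lists, the file_create event type and the dep-updater path are assumptions; the sample events are constructed.

```python
import json
import os
from typing import Iterable, List

# Dependency config file names: those the rule lists plus common siblings (assumption).
PACKAGE_CONFIG_FILES = {
    "requirements.txt", "pyproject.toml", "package.json", "package-lock.json",
    "setup.py", "setup.cfg", "Pipfile", "Pipfile.lock", "poetry.lock",
}
LLM_SERVICE_USERS = {"llm_svc"}        # constructed service account (assumption)
LLM_IMAGE_PREFIXES = ("/opt/llm/",)    # constructed install prefix (assumption)
WRITE_EVENTS = {"file_modify", "file_create"}  # only file_modify is on the page
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

def evaluate(event: dict, allowlist=frozenset(), strict_prod: bool = False) -> bool:
    """True when the event should alert. allowlist: images permitted to write
    package configs (suppresses the update-pipeline false positive). strict_prod:
    immutable-host tuning; any runtime write alerts regardless of source/allowlist."""
    if any(f not in event for f in REQUIRED_FIELDS):
        return False  # the rule cannot be evaluated without its required fields
    if event.get("event_type") not in WRITE_EVENTS:
        return False
    if os.path.basename(event["target_filename"]) not in PACKAGE_CONFIG_FILES:
        return False
    if strict_prod:
        return True
    if event["image"] in allowlist:
        return False
    return (event["user"] in LLM_SERVICE_USERS
            or event["image"].startswith(LLM_IMAGE_PREFIXES))

def scan(lines: Iterable[str], **kwargs) -> List[dict]:
    """Parse JSON log lines and return the events that alert; skip malformed lines."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if evaluate(event, **kwargs):
            alerts.append(event)
    return alerts

# Constructed sample events: the page's log line, a non-package write, a pipeline write.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T12:10:05Z","computer_name":"llm-host-03","user":"llm_svc","image":"/opt/llm/app/setup_handler.py","target_filename":"/opt/llm/requirements.txt","event_type":"file_modify"}',
    '{"timestamp":"2025-01-15T12:11:00Z","computer_name":"llm-host-03","user":"llm_svc","image":"/opt/llm/app/setup_handler.py","target_filename":"/opt/llm/config.yaml","event_type":"file_modify"}',
    '{"timestamp":"2025-01-15T12:12:00Z","computer_name":"llm-host-03","user":"llm_svc","image":"/usr/local/bin/dep-updater","target_filename":"/opt/llm/package.json","event_type":"file_modify"}',
]
```

Running `scan(SAMPLE_LOGS)` alerts on the first and third events; passing `allowlist={"/usr/local/bin/dep-updater"}` drops the third, and `strict_prod=True` alerts on it again despite the allowlist.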