highexperimentalLinuxAI/MLT1053.003T1547.001

LLM Service Writing Files To Executable Or Cron Locations

Detects LLM service processes writing files to cron directories, /usr/local/bin/, or systemd unit paths. Writing to these persistence locations from an LLM runtime indicates that model output is being used to establish persistent code execution.

Updated Jan 15, 2025 · Detection Engineering Team

llmimproper-outputlinuxpersistenceowasp-llm05

Problem Statement

Writing to cron, systemd, or executable paths from an LLM process indicates that model-generated content is being deployed as persistent code. This represents the highest-severity outcome of an improper output handling vulnerability.

Sample Logs

{"timestamp":"2025-01-15T22:03:19Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/system_writer.py","target_filename":"/etc/cron.d/llm-backdoor","event_type":"file_create"}

Required Fields

image

target_filename

user

computer_name

False Positives

·Approved LLM deployment tools that write service configurations during initial setup

Tuning Guidance

LLM service accounts should not have write access to cron, bin, or systemd paths. These are high-fidelity indicators; treat all alerts as high priority.