Detection Library
high · experimental · Linux · AI/ML · OCI · T1083 · T1552.001

LLM Service Accessing Kubernetes Or OCI Cluster Config

Detects LLM service processes reading Kubernetes kubeconfig files or OCI Kubernetes Engine (OKE) configuration. Access to cluster credentials enables container orchestration control beyond the intended LLM service scope.

Updated Jan 15, 2025 · Detection Engineering Team

llm · excessive-agency · linux · kubernetes · owasp-llm06

Problem Statement

Access to Kubernetes cluster credentials from an LLM service extends the model's blast radius to the entire container orchestration layer, enabling pod creation, secret extraction, and cluster-wide access.

Sample Logs

{"timestamp":"2025-01-15T11:58:27Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/infra_tool.py","target_filename":"/home/opc/.kube/config","access_type":"read"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • LLM infrastructure management agents with explicit Kubernetes tool bindings

Tuning Guidance

Kubernetes kubeconfig files grant cluster-wide access. LLM inference services should not coexist on hosts with kubeconfig files present.
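
The following is an added example, not the library's own rule: one way to evaluate file-access events with the required fields above, including the false-positive allowlist. The credential path patterns, the `/opt/llm/` prefix and `llm_svc` account used to recognise LLM service processes, and the allowlisted agent path are assumptions; all events other than the page's sample log are constructed.

```python
import json
import posixpath
import re

# Assumptions for this example (the page does not publish the rule logic):
CRED_PATTERNS = [
    re.compile(r"/\.kube/config$"),                # per-user kubeconfig (sample log)
    re.compile(r"^/etc/kubernetes/[^/]+\.conf$"),  # kubeadm-style cluster configs
]
LLM_IMAGE_PREFIXES = ("/opt/llm/",)  # install prefix seen in the sample log
LLM_USERS = {"llm_svc"}              # service account seen in the sample log
ALLOWED_IMAGES = {"/opt/llm/agents/k8s_ops_agent.py"}  # hypothetical approved agent
REQUIRED = ("image", "target_filename", "user", "computer_name")


def evaluate(line):
    """Return an alert dict if the event matches, otherwise None."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(ev, dict) or not all(isinstance(ev.get(f), str) for f in REQUIRED):
        return None  # a required field is missing, so the rule cannot evaluate
    image = posixpath.normpath(ev["image"])
    target = posixpath.normpath(ev["target_filename"])  # collapses ../ and //
    is_llm = image.startswith(LLM_IMAGE_PREFIXES) or ev["user"] in LLM_USERS
    if not is_llm or image in ALLOWED_IMAGES:
        return None
    if not any(p.search(target) for p in CRED_PATTERNS):
        return None
    return {"host": ev["computer_name"], "user": ev["user"],
            "image": image, "target": target}


# Constructed events; the first is the sample log from this page.
SAMPLE_EVENTS = [
    '{"timestamp":"2025-01-15T11:58:27Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/infra_tool.py","target_filename":"/home/opc/.kube/config","access_type":"read"}',
    '{"computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/serve.py","target_filename":"/opt/llm/models/weights.bin"}',
    '{"computer_name":"llm-host-03","user":"llm_svc","image":"/opt/llm/agents/k8s_ops_agent.py","target_filename":"/home/opc/.kube/config"}',
    '{"computer_name":"ops-01","user":"opc","image":"/usr/local/bin/kubectl","target_filename":"/home/opc/.kube/config"}',
    '{"computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/infra_tool.py","target_filename":"/home/opc/.kube/../.kube//config"}',
    '{"computer_name":"llm-host-02","image":"/opt/llm/app/infra_tool.py"}',
]


def run(lines=SAMPLE_EVENTS):
    return [a for a in map(evaluate, lines) if a is not None]


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

Keep the allowlist to exact image paths on hosts where the Kubernetes tool binding is approved, and confirm those paths are not writable by the LLM service account.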