Detection Library
medium · experimental · Linux · AI/ML · T1005 · T1552.001

LLM Service Reading Secrets And Prompt Material In Same Execution Chain

Detects LLM service processes spawning text utilities (cat, grep, sed) that reference both secret files and prompt configuration files in the same command, indicating combined credential and prompt material harvesting.

Updated Jan 15, 2025 · Detection Engineering Team

llm · system-prompt-leakage · linux · file-access · owasp-llm07

Problem Statement

Combining secret and system prompt material in a single read chain suggests a comprehensive information gathering operation, likely staged as part of a larger exfiltration attempt.

Sample Logs

{"timestamp":"2025-01-15T17:08:44Z","computer_name":"llm-host-03","user":"llm_svc","image":"/bin/cat","command_line":"cat /opt/llm/config/system_prompt.txt /opt/llm/app/.env","parent_image":"/opt/llm/app/debug_tool.py"}

Required Fields

image
command_line
parent_image
user
computer_name

False Positives

  • Debug or diagnostic scripts that print configuration for troubleshooting

Tuning Guidance

Restrict the alert to process chains with sensitive file combinations. Correlate with outbound network events to identify if the harvested data was transmitted.
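
The matching logic described above can be sketched in Python and run over process-creation events. This is an added example, not the rule's published query. The file-name patterns, the `/opt/llm/` parent prefix and the three extra log lines (hosts `llm-host-04`, `llm-host-05` and `server.py`) are assumptions constructed for illustration.

```python
import json
import os
import re
import shlex

# Assumptions for this example (not the rule's published logic):
TEXT_UTILS = {"cat", "grep", "sed"}     # utilities named in the rule description
LLM_PARENT_PREFIX = "/opt/llm/"         # LLM service install path, from the sample log
SECRET_RE = re.compile(r"(^|/)(\.env|credentials|[^/]+\.(pem|key))$", re.I)
PROMPT_RE = re.compile(r"(^|/)[^/]*prompt[^/]*\.(txt|ya?ml|json)$", re.I)

def referenced_paths(command_line):
    """Split a command line and return (secret_paths, prompt_paths)."""
    try:
        tokens = shlex.split(command_line)
    except ValueError:                  # unbalanced quotes: fall back to whitespace
        tokens = command_line.split()
    # Only path-like arguments count, so a grep pattern such as "credentials"
    # is not mistaken for a file.
    paths = [t for t in tokens[1:] if "/" in t or t.startswith(".")]
    return ([p for p in paths if SECRET_RE.search(p)],
            [p for p in paths if PROMPT_RE.search(p)])

def detect(log_lines):
    """Return one alert per event where an LLM service child reads both kinds of file."""
    alerts = []
    for line in log_lines:
        ev = json.loads(line)
        if os.path.basename(ev.get("image", "")) not in TEXT_UTILS:
            continue
        if not ev.get("parent_image", "").startswith(LLM_PARENT_PREFIX):
            continue
        secrets, prompts = referenced_paths(ev.get("command_line", ""))
        if secrets and prompts:         # both in the SAME command, per the rule
            alerts.append({"computer_name": ev.get("computer_name"), "user": ev.get("user"),
                           "secrets": secrets, "prompts": prompts})
    return alerts

# First line is the page's sample log; the other three are constructed.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T17:08:44Z","computer_name":"llm-host-03","user":"llm_svc","image":"/bin/cat","command_line":"cat /opt/llm/config/system_prompt.txt /opt/llm/app/.env","parent_image":"/opt/llm/app/debug_tool.py"}',
    '{"computer_name":"llm-host-03","user":"llm_svc","image":"/bin/cat","command_line":"cat /opt/llm/config/system_prompt.txt","parent_image":"/opt/llm/app/debug_tool.py"}',
    '{"computer_name":"llm-host-04","user":"admin","image":"/bin/cat","command_line":"cat /opt/llm/config/system_prompt.txt /opt/llm/app/.env","parent_image":"/usr/bin/bash"}',
    '{"computer_name":"llm-host-05","user":"llm_svc","image":"/usr/bin/grep","command_line":"grep -i credentials /opt/llm/app/.env /opt/llm/config/system_prompt.txt","parent_image":"/opt/llm/app/server.py"}',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Only the first and last events alert: the second reads a prompt file alone, and the third has a parent outside the assumed LLM service path.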