medium · experimental · Linux · AI/ML · T1565.001

LLM Service Writing Answer Cache Outside Approved Path

Detects LLM service processes writing response or answer cache files to paths outside the approved application directories. Caching model responses in unexpected locations may indicate manipulation of cached answers to serve attacker-controlled misinformation.

Updated Jan 15, 2025 · Detection Engineering Team

llm · misinformation · linux · file-write · owasp-llm09

Problem Statement

Response caches allow LLM services to serve pre-computed answers. Writing manipulated responses to cache paths causes subsequent users to receive attacker-controlled misinformation without the model ever processing their query.

Sample Logs

{"timestamp":"2025-01-15T10:22:11Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/cache_writer.py","target_filename":"/tmp/responses/answer_001.json","event_type":"file_create"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • LLM services writing debug response logs during development

Tuning Guidance

Establish an explicit allowlist of approved response cache paths. Any write outside this list warrants review, as cached responses can be served to future users.
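
The allowlist check described above, as an added example rather than the rule shipped with this detection. The approved cache directories, the LLM image root and the filename markers are assumptions for illustration; the first sample event is the log from this page and the remaining events are constructed.

```python
import json
import posixpath

# Assumed values for illustration; replace with the deployment's own allowlist.
APPROVED_CACHE_DIRS = ("/opt/llm/app/cache", "/var/cache/llm")
LLM_IMAGE_ROOTS = ("/opt/llm",)
CACHE_MARKERS = ("response", "answer", "cache")
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

def is_under(path, root):
    """Component-wise containment, so /var/cache/llm_tmp is not under /var/cache/llm."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def evaluate(event):
    """Return an alert dict if the event is a cache write outside the allowlist, else None."""
    if event.get("event_type") != "file_create":
        return None
    if not all(event.get(f) for f in REQUIRED_FIELDS):
        return None  # the rule cannot be evaluated without its required fields
    # normpath collapses "..", "." and "//" lexically; it does not resolve symlinks.
    image = posixpath.normpath(event["image"])
    target = posixpath.normpath(event["target_filename"])
    if not any(is_under(image, r) for r in LLM_IMAGE_ROOTS):
        return None  # not an LLM service process
    if not any(m in target.lower() for m in CACHE_MARKERS):
        return None  # not a response or answer cache file
    if any(is_under(target, d) for d in APPROVED_CACHE_DIRS):
        return None  # approved location
    return {"computer_name": event["computer_name"], "user": event["user"],
            "image": image, "target_filename": target}

# First line is the page's sample log; the other four are constructed events.
SAMPLE_LOGS = """\
{"timestamp":"2025-01-15T10:22:11Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/cache_writer.py","target_filename":"/tmp/responses/answer_001.json","event_type":"file_create"}
{"timestamp":"2025-01-15T10:23:02Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/cache_writer.py","target_filename":"/opt/llm/app/cache/answer_002.json","event_type":"file_create"}
{"timestamp":"2025-01-15T10:24:40Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/cache_writer.py","target_filename":"/var/cache/llm_tmp/answer_003.json","event_type":"file_create"}
{"timestamp":"2025-01-15T10:25:13Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/cache_writer.py","target_filename":"/opt/llm/app/cache/../../../../tmp/answer_004.json","event_type":"file_create"}
{"timestamp":"2025-01-15T10:26:57Z","computer_name":"llm-host-01","user":"backup","image":"/usr/bin/rsync","target_filename":"/tmp/responses/answer_005.json","event_type":"file_create"}
"""

def run(lines=SAMPLE_LOGS):
    """Evaluate newline-delimited JSON events and return the list of alerts."""
    events = (json.loads(l) for l in lines.splitlines() if l.strip())
    return [a for a in map(evaluate, events) if a]

if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

Because the comparison is lexical, a symlink inside an approved directory that points elsewhere still passes; resolve paths on the host or monitor symlink creation separately if that matters in your environment.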