Home
Mapping Frameworks
Azure Home
Microsoft Defender for Cloud: AI Threat Protection

Azure ai_threat_protection

Microsoft Defender for Cloud's AI Threat Protection identifies threats to generative AI applications in real time and helps respond to security issues. It works with Azure AI Content Safety Prompt Shields and Microsoft's threat intelligence to provide security alerts for threats like data leakage, data poisoning, jailbreak, and credential theft.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name	Notes
ai_threat_protection	Microsoft Defender for Cloud: AI Threat Protection	detect	partial	T1090.003	Multi-hop Proxy	Comments This capability can detect (alert: AI.Azure_AccessFromAnonymizedIP) when an AI is accessed from a Tor network IP. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-ai-workloads
ai_threat_protection	Microsoft Defender for Cloud: AI Threat Protection	detect	partial	T1491	Defacement	Comments This capability can alert (using AI.Azure_MaliciousUrl.ModelResponse) when an AI model has shared a malicious URL with a user. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-ai-workloads
ai_threat_protection	Microsoft Defender for Cloud: AI Threat Protection	detect	partial	T1552	Unsecured Credentials	Comments This control provides detection of unsecured credentials being divulged by AI model responses. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-ai-workloads
ai_threat_protection	Microsoft Defender for Cloud: AI Threat Protection	detect	significant	T1496.004	Cloud Service Hijacking	Comments This capability has multiple alerts (AI.Azure_DOWDuplicateRequests, AI.Azure_DOWVolumeAnomaly) that can detect abuse of an AI for financial impact on an organization. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-ai-workloads