Microsoft Defender for Cloud's AI Threat Protection identifies threats to generative AI applications in real time and helps respond to security issues. It works with Azure AI Content Safety Prompt Shields and Microsoft's threat intelligence to provide security alerts for threats like data leakage, data poisoning, jailbreak, and credential theft.
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1090.003 | Multi-hop Proxy |
Comments
This capability can detect (alert: AI.Azure_AccessFromAnonymizedIP) when an AI is accessed from a Tor network IP.
References
|
| ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1491 | Defacement |
Comments
This capability can alert (using AI.Azure_MaliciousUrl.ModelResponse) when an AI model has shared a malicious URL with a user.
References
|
| ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1552 | Unsecured Credentials |
Comments
This control provides detection of unsecured credentials being divulged by AI model responses.
References
|
| ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | significant | T1496.004 | Cloud Service Hijacking |
Comments
This capability has multiple alerts (AI.Azure_DOWDuplicateRequests, AI.Azure_DOWVolumeAnomaly) that can detect abuse of an AI for financial impact on an organization.
References
|