Web Request Triggering
Type: technique
Description: The adversary triggers the AI system to issue a web request to an attacker-controlled domain, encoding data into the URI. The request is triggered by the client application with no user clicks required.
Version: 0.1.0
Created At: 2024-10-03 22:24:49 +0300
Last Modified At: 2024-10-03 22:24:49 +0300
External References
Related Objects
- --> Exfiltration (tactic): An adversary can exfiltrate data by embedding it in a URI and triggering the AI system to query it via its browsing capabilities.
- --> Index-Based Browsing (mitigation): Limiting an AI System to query a search index rather than perform a URL retrieval Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.
- --> URL Anchoring (mitigation): Limiting an AI System to visit only URLs that were explicitly written by the user reduces an attacker's ability to exfiltrate data through request parameters.