Internal Company Chatbot

Using LLMs over internal data (RAG, Retrieval-Augmented Generation) is an enormous efficiency boost, but it carries the risk that the AI bypasses internal authorization concepts: a model that can retrieve a document can also repeat it to a user who was never entitled to read it.

Your Strategy

Security must take place on two levels. First, the data sources themselves must enforce strict access controls. Second, an LLM gateway must ensure that no sensitive information (PII) leaves the organization or surfaces in the chat without authorization.

Best Practices

  • Isolation: Use separate vector databases for different levels of confidentiality.
  • Filtering: Implement automated filters for injections (input) and PII leaks (output).
  • Alignment: Use RLHF-optimized models that are trained not to disclose system prompts.
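As an added example (not part of the original page), the two-level control from the strategy section in Python: a retrieval filter that re-applies each source document's ACL and confidentiality label before any chunk reaches the prompt, and a gateway output filter that redacts PII from the model's answer. The corpus, group names, clearance levels and PII patterns are constructed assumptions, and the LLM call is stubbed.

```python
import re
from dataclasses import dataclass

LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    confidentiality: str       # label carried over from the source document
    allowed_groups: frozenset  # ACL carried over from the source system

# Constructed sample corpus standing in for the vector store(s).
CORPUS = [
    Chunk("wiki-42", "Deploy with 'make release'; the VPN endpoint is vpn.example.internal.",
          "internal", frozenset({"all-staff"})),
    Chunk("hr-7", "Salary review for Jane Doe: 92,000 EUR. Contact jane.doe@example.com.",
          "confidential", frozenset({"hr"})),
    Chunk("press-1", "Example Corp opens a new office in Lisbon.",
          "public", frozenset({"all-staff", "partners"})),
]

# Assumed gateway patterns; a production gateway would use a proper PII classifier.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "salary": re.compile(r"\b\d{1,3}(?:,\d{3})+\s?EUR\b"),
}

def authorized_chunks(groups, clearance, query, corpus=CORPUS):
    # Level 1: enforce the source ACL and label at retrieval time; keyword overlap stands in for vector search.
    words = query.lower().split()
    hits = [c for c in corpus if any(w in c.text.lower() for w in words)]
    return [c for c in hits if c.allowed_groups & groups
            and LEVELS[c.confidentiality] <= LEVELS[clearance]]

def redact_pii(text):
    # Level 2: gateway output filter; returns the redacted text and the PII classes that fired.
    fired = []
    for label, pattern in PII_PATTERNS.items():
        text, n = pattern.subn(f"[{label.upper()} REDACTED]", text)
        if n:
            fired.append(label)
    return text, fired

def answer(groups, clearance, query, corpus=CORPUS):
    # Context comes from authorized chunks only; the LLM is stubbed (output = context), then gated.
    chunks = authorized_chunks(groups, clearance, query, corpus)
    redacted, fired = redact_pii(" ".join(c.text for c in chunks))
    return {"sources": [c.doc_id for c in chunks], "answer": redacted, "redacted": fired}
```

Note that clearance alone does not unlock a chunk: the group ACL copied from the source system is checked as well, so both levels have to agree before a document is shown.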

STRIDE-LM Design Risks

  • Spoofing (S-01), Identity Spoofing: Attacker impersonates a legitimate user or partner.
  • Tampering (T-AI-01), Prompt Injection: Manipulation of LLM behavior through malicious inputs.
  • Repudiation (R-01), Audit Log Manipulation: Deleting or altering traces of an action.
  • Information Disclosure (I-AI-01), RAG Data Leakage: Unintentional disclosure of sensitive documents by the chatbot.
  • Denial of Service (D-01), Resource Exhaustion: Overloading systems through massive requests or resource hogging.
  • Elevation of Privilege (E-AI-02), Indirect Prompt Injection: Attack via data sources that the LLM reads (e.g., websites, emails).
  • Lateral Movement (L-01), Lateral Movement: Accessing further internal systems after initial login.
  • Monitoring Gaps (M-AI-02), Overreliance on AI Outputs: Unchecked adoption of AI-generated content or code.

MITRE ATT&CK® Techniques

Reconnaissance

  T1592, Gather Victim Digital Network Information: Collecting information about the target infrastructure.
  Mitigated by:
    • LLM Gateway / Firewall [Extended Protection, Medium] (NIST: AI-1; OWASP: LLM01)
    • RLHF & Model Alignment [Extended Protection, High] (NIST: AI-1.1; OWASP: LLM02)
    • Continuous AI Red Teaming [Extended Protection, High] (CIS: 18.1; NIST: AI-5.1)
    • Output Content Filtering [Baseline Protection, Low] (NIST: AI-1.2; OWASP: LLM02)
    • Data Anonymization (Differential Privacy) [Extended Protection, High] (NIST: PR.PT-3)
    • Consent & Privacy Management [Baseline Protection, Medium] (NIST: PR.PT-3)

Initial Access

  T1566, Phishing: Delivering malicious content via electronic communication.
  Mitigated by:
    • LLM Gateway / Firewall [Extended Protection, Medium] (NIST: AI-1; OWASP: LLM01)
    • RLHF & Model Alignment [Extended Protection, High] (NIST: AI-1.1; OWASP: LLM02)
    • Continuous AI Red Teaming [Extended Protection, High] (CIS: 18.1; NIST: AI-5.1)
    • Output Content Filtering [Baseline Protection, Low] (NIST: AI-1.2; OWASP: LLM02)
    • Adaptive MFA (Risk-based) [Extended Protection, Low] (CIS: 6.5; NIST: PR.AC-7)

  T1078, Valid Accounts: Exploiting existing credentials for access.
  Mitigated by:
    • Least Privilege Principle [Baseline Protection, Medium] (CIS: 6.2; NIST: PR.AC-6; OWASP: A01:2021)
    • Regular Access Reviews [Baseline Protection, Low] (CIS: 6.6; NIST: PR.AC-1; OWASP: A01:2021)
    • Adaptive MFA (Risk-based) [Extended Protection, Low] (CIS: 6.5; NIST: PR.AC-7)

Credential Access

  T1539, Steal Web Session Cookie: Capturing active session tokens to bypass authentication.
  Mitigated by:
    • Adaptive MFA (Risk-based) [Extended Protection, Low] (CIS: 6.5; NIST: PR.AC-7)

  T1552, Credentials from Password Stores: Extracting passwords from web browsers or password managers.
  Mitigated by:
    • Output Content Filtering [Baseline Protection, Low] (NIST: AI-1.2; OWASP: LLM02)

Collection

  T1213, Data from Information Repositories: Accessing data from knowledge bases (SharePoint, Confluence).
  Mitigated by:
    • LLM Gateway / Firewall [Extended Protection, Medium] (NIST: AI-1; OWASP: LLM01)
    • Least Privilege Principle [Baseline Protection, Medium] (CIS: 6.2; NIST: PR.AC-6; OWASP: A01:2021)

Exfiltration

  T1020, Automated Exfiltration: Automated exfiltration of data via interfaces.
  Mitigated by:
    • LLM Gateway / Firewall [Extended Protection, Medium] (NIST: AI-1; OWASP: LLM01)
    • Continuous AI Red Teaming [Extended Protection, High] (CIS: 18.1; NIST: AI-5.1)
    • Output Content Filtering [Baseline Protection, Low] (NIST: AI-1.2; OWASP: LLM02)
    • Data Anonymization (Differential Privacy) [Extended Protection, High] (NIST: PR.PT-3)
    • Consent & Privacy Management [Baseline Protection, Medium] (NIST: PR.PT-3)

  T1567, Exfiltration Over Web Service: Data leakage via legitimate web interfaces.
  Mitigated by:
    • LLM Gateway / Firewall [Extended Protection, Medium] (NIST: AI-1; OWASP: LLM01)
    • Continuous AI Red Teaming [Extended Protection, High] (CIS: 18.1; NIST: AI-5.1)
    • SIEM Integration [Extended Protection, High] (CIS: 8.5; NIST: DE.AE-3; NIST: DE.CM-1; OWASP: A09:2021)

Is your scenario more complex?

AYSOLI experts support you in implementing your specific security requirements.
