>_AYSOLI SECURITY HUB
THREAT AREA

AI Integration in Webapps

Connecting external AI APIs (e.g., OpenAI, Anthropic) to your web apps opens new attack vectors because the AI often generates unpredictable outputs that can function as malicious payloads.

Your Strategy

Treat AI outputs like user inputs: they are fundamentally untrusted. Implement strict output sanitization to prevent injection attacks in the frontend.

Best Practices

  • Sandboxing: Execute AI-generated code or plugin actions in isolated containers.
  • Validation: Use strict schemas for data passed from the AI to other system components.
  • Secrets: Use Managed Identities for access to AI APIs instead of hardcoded keys.

STRIDE-LM Design Risks

SpoofingS-API-01

Identity Spoofing (API)

Attacker impersonates a legitimate partner service.

TamperingT-AI-01

Prompt Injection

Manipulation of LLM behavior through malicious inputs.

RepudiationR-API-01

API Log Manipulation

Concealing malicious API activities.

Information DisclosureI-AI-03

Model Stealing / Exfiltration

Theft of intellectual property (model weights).

Denial of ServiceD-API-01

Insecure Resource Consumption

Overloading the API due to missing rate limits (DoS).

Elevation of PrivilegeE-AI-02

Indirect Prompt Injection

Attack via data sources that the LLM reads (e.g., websites, emails).

Lateral MovementL-API-01

Cloud-Pivot via API

Using the API server identity to access internal cloud resources.

MITRE ATT&CK® Techniques

Reconnaissance
T1592

Gather Victim Digital Network Information

ATT&CK

Collecting information about the target infrastructure.

Mitigated by
LLM Gateway / FirewallExtended ProtectionMedium
NIST: AI-1OWASP: LLM01
Output Content FilteringBaseline ProtectionLow
NIST: AI-1.2OWASP: LLM02
Initial Access
T1190

Exploit Public-Facing Application

ATT&CK

Exploiting vulnerabilities in internet-facing services.

Mitigated by
LLM Gateway / FirewallExtended ProtectionMedium
NIST: AI-1OWASP: LLM01
AI Plugin SandboxingExtended ProtectionMedium
CIS: 2.1OWASP: LLM07
Strict Schema ValidationBaseline ProtectionMedium
CIS: 16.11OWASP: API6
Execution
T1059-007

JavaScript Injection

ATT&CK

Execution of malicious code in the victim's browser.

Mitigated by
AI Plugin SandboxingExtended ProtectionMedium
CIS: 2.1OWASP: LLM07
Output Content FilteringBaseline ProtectionLow
NIST: AI-1.2OWASP: LLM02
Content Security Policy (CSP)Baseline ProtectionMedium
CIS: 16.11OWASP: A03:2021
Strict Schema ValidationBaseline ProtectionMedium
CIS: 16.11OWASP: API6
Persistence
T1098

Account Manipulation

ATT&CK

Changing permissions or creating new accounts.

Mitigated by
AI Plugin SandboxingExtended ProtectionMedium
CIS: 2.1OWASP: LLM07
Credential Access
T1557

Adversary-in-the-Middle

ATT&CK

Intercepting communication between two parties.

Mitigated by
JWT Signature VerificationBaseline ProtectionMedium
NIST: PR.AC-1OWASP: API2
T1552

Credentials from Password Stores

ATT&CK

Extracting passwords from web browsers or password managers.

Mitigated by
Output Content FilteringBaseline ProtectionLow
NIST: AI-1.2OWASP: LLM02
Exfiltration
T1020

Automated Exfiltration

ATT&CK

Automated exfiltration of data via interfaces.

Mitigated by
LLM Gateway / FirewallExtended ProtectionMedium
NIST: AI-1OWASP: LLM01
AI Plugin SandboxingExtended ProtectionMedium
CIS: 2.1OWASP: LLM07
Output Content FilteringBaseline ProtectionLow
NIST: AI-1.2OWASP: LLM02
Rate Limiting & ThrottlingBaseline ProtectionLow
CIS: 12.1OWASP: API4
T1567

Exfiltration Over Web Service

ATT&CK

Data leakage via legitimate web interfaces.

Mitigated by
LLM Gateway / FirewallExtended ProtectionMedium
NIST: AI-1OWASP: LLM01
SIEM IntegrationExtended ProtectionHigh
CIS: 8.5NIST: DE.AE-3NIST: DE.CM-1OWASP: A09:2021

Is your scenario more complex?

AYSOLI experts support you in implementing your specific security requirements.

Free consultation
AI Integration in Webapps | IT Security Checklist for SMEs · AYSOLI Security Hub