API & Model Interface Security (e7827e98-4b5d-5937-b721-5ecff98a0b61)
AI systems increasingly rely on APIs for inference (e.g., LLM endpoints), orchestration (e.g., function calls via tools), or dynamic prompt injection (e.g., Model Context Protocol). Poorly secured APIs expose attack surfaces specific to LLMs and other AI models.
Threats include:

* Prompt injection via API inputs or user tool outputs (e.g., using MCP-style interfaces).
* Malicious function calls that exploit insecure tool execution pipelines.
* Abuse of structured output endpoints (e.g., JSON-formatted APIs) to extract or manipulate model behavior.
* Reverse-engineering model behavior via inference chaining or output probing.
Attacks on shared foundational model APIs can impact multiple downstream applications through shared vulnerabilities, hallucination exploits, or jailbreak discovery.
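The "insecure tool execution pipeline" threat above usually comes down to a dispatcher that executes whatever tool name and arguments the model emits. The following added example (not part of PLOT4ai or any project's code) shows a hardened dispatcher: the tool registry, the two stub tools and the JSON call format are constructed for illustration.

```python
"""Allowlisted, schema-checked dispatch for LLM function calls.

Constructed example: the model emits a JSON object of the form
{"name": ..., "arguments": {...}}. The dispatcher treats that JSON as
untrusted input and checks name, argument set and types before anything runs.
"""
import json

# Hypothetical tool registry. Each tool declares the exact argument names and
# types it accepts and whether it has side effects (and so needs approval).
def lookup_weather(city: str) -> str:
    return f"weather for {city}: sunny"  # constructed stub, no real lookup

def send_email(to: str, body: str) -> str:
    return f"sent to {to}"  # constructed stub, sends nothing

TOOLS = {
    "lookup_weather": {"fn": lookup_weather, "schema": {"city": str}, "side_effects": False},
    "send_email": {"fn": send_email, "schema": {"to": str, "body": str}, "side_effects": True},
}

class ToolCallRejected(Exception):
    """Raised for any model-issued call that fails validation."""

def dispatch(raw_call: str, approve_side_effects: bool = False) -> str:
    """Validate a model-issued tool call and execute it only if it passes."""
    try:
        call = json.loads(raw_call)
    except json.JSONDecodeError as exc:
        raise ToolCallRejected(f"malformed tool call: {exc}") from None
    name = call.get("name")
    spec = TOOLS.get(name)
    if spec is None:  # never resolve model-chosen names via getattr()/eval()
        raise ToolCallRejected(f"unknown tool {name!r}")
    args = call.get("arguments")
    if not isinstance(args, dict):
        raise ToolCallRejected("arguments must be a JSON object")
    # Exact argument set: extra keys and missing keys are rejected instead of
    # being forwarded with **args to a function that might accept them.
    if set(args) != set(spec["schema"]):
        raise ToolCallRejected(f"argument set mismatch for {name}: {sorted(args)}")
    for key, typ in spec["schema"].items():
        if not isinstance(args[key], typ):
            raise ToolCallRejected(f"argument {key!r} must be {typ.__name__}")
    # Side-effecting tools need an out-of-band approval, so an instruction
    # injected through a tool output cannot silently trigger them.
    if spec["side_effects"] and not approve_side_effects:
        raise ToolCallRejected(f"tool {name!r} requires approval before it runs")
    return spec["fn"](**args)
```

The approval flag stands in for whatever confirmation step the application already has (a user click, a policy engine); the point is that it is decided outside the model's output.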
Threat-modeling question: Are our AI inference APIs and function-calling interfaces securely implemented?
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) | MITRE ATLAS Attack Pattern | API & Model Interface Security (e7827e98-4b5d-5937-b721-5ecff98a0b61) | PLOT4ai | 1 |