Potential Azure OpenAI Model Theft
Monitors for suspicious activities that may indicate theft or unauthorized duplication of machine learning (ML) models, such as unauthorized API calls, atypical access patterns, or large data transfers that are unusual during model interactions.
Elastic rule (View on GitHub)
[metadata]
creation_date = "2025/02/25"
maturity = "production"
updated_date = "2025/03/20"

[rule]
author = ["Elastic"]
description = """
Monitors for suspicious activities that may indicate theft or unauthorized duplication of machine learning (ML) models,
such as unauthorized API calls, atypical access patterns, or large data transfers that are unusual during model
interactions.
"""
false_positives = ["Authorized model training", "Legitimate high volume data exchanges during scheduled updates"]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "Potential Azure OpenAI Model Theft"
references = ["https://genai.owasp.org/llmrisk/llm10-model-theft", "https://atlas.mitre.org/techniques/AML.T0044"]
risk_score = 47
rule_id = "4021e78d-5293-48d3-adee-a70fa4c18fab"
setup = """## Setup

For more information on
streaming events, see the Azure OpenAI documentation:

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
"""
severity = "medium"
tags = [
    "Domain: LLM",
    "Data Source: Azure OpenAI",
    "Data Source: Azure Event Hubs",
    "Use Case: Model Theft",
    "Mitre Atlas: T0044",
]
timestamp_override = "event.ingested"
type = "esql"

query = '''
from logs-azure_openai.logs-*
| where azure.open_ai.operation_name == "ListKey" and azure.open_ai.category == "Audit"
| KEEP @timestamp, azure.open_ai.operation_name , azure.open_ai.category, azure.resource.group, azure.resource.name, azure.open_ai.properties.response_length
| stats count = count(), max_data_transferred = max(azure.open_ai.properties.response_length) by azure.resource.group , azure.resource.name
| where count >= 100 or max_data_transferred >= 1000000
| sort count desc
'''
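Added example (not part of the Elastic rule or its repository): a Python re-implementation of the query's filter, aggregation and threshold stages, run over constructed events, to show which resources would alert within one window. The event values, resource names and the handling of a missing response_length are assumptions.

```python
from collections import defaultdict

COUNT_THRESHOLD = 100        # rule: count >= 100
BYTES_THRESHOLD = 1_000_000  # rule: max_data_transferred >= 1000000

def evaluate(events):
    """Mirror the query stages: where -> stats ... by -> where -> sort."""
    groups = defaultdict(lambda: {"count": 0, "max_data_transferred": None})
    for ev in events:
        if (ev.get("azure.open_ai.operation_name") != "ListKey"
                or ev.get("azure.open_ai.category") != "Audit"):
            continue  # first `where`: only key-listing audit events are counted
        g = groups[(ev.get("azure.resource.group"), ev.get("azure.resource.name"))]
        g["count"] += 1
        size = ev.get("azure.open_ai.properties.response_length")
        # Assumption: an event without response_length adds to count but not to the max.
        if size is not None and (g["max_data_transferred"] is None
                                 or size > g["max_data_transferred"]):
            g["max_data_transferred"] = size
    hits = []
    for (group, name), g in groups.items():
        largest = g["max_data_transferred"]
        if g["count"] >= COUNT_THRESHOLD or (largest is not None and largest >= BYTES_THRESHOLD):
            hits.append({"azure.resource.group": group, "azure.resource.name": name, **g})
    return sorted(hits, key=lambda h: h["count"], reverse=True)

def sample_events():
    """Constructed events; resource names and sizes are made up for illustration."""
    def ev(op, cat, group, name, size=None):
        e = {"azure.open_ai.operation_name": op, "azure.open_ai.category": cat,
             "azure.resource.group": group, "azure.resource.name": name}
        if size is not None:
            e["azure.open_ai.properties.response_length"] = size
        return e
    events = [ev("ListKey", "Audit", "rg-prod", "openai-a") for _ in range(120)]
    events += [ev("ListKey", "Audit", "rg-dev", "openai-b", s) for s in (400, 2_500_000, 380)]
    events += [ev("ListKey", "Audit", "rg-test", "openai-c", 512) for _ in range(99)]
    # Inference traffic is dropped by the first `where`, however large the responses.
    events += [ev("ChatCompletions_Create", "RequestResponse", "rg-test", "openai-c", 5_000_000)
               for _ in range(500)]
    return events

if __name__ == "__main__":
    for hit in evaluate(sample_events()):
        print(hit)
```

Because the query groups only by resource group and resource name, a hit identifies the targeted resource; the caller has to be found from the underlying events.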
Related rules
- Azure OpenAI Insecure Output Handling
- Potential Denial of Azure OpenAI ML Service
- AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User
- AWS Bedrock Detected Multiple Validation Exception Errors by a Single User
- AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request