Valid Accounts

Description

Adversaries may obtain and abuse credentials of existing accounts. A compromised user account that owns AI Agents inherits implicit control over those agents and the tools/knowledge bases they reach — extending the blast radius of stolen credentials beyond traditional cloud resources.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable AI AwareAIRead-onlyHTTPSAI Agents and User Ownership

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access

Technique: Valid Accounts

Products Required: Tenable AI Aware