GenAI Process Connection to Unusual Domain

Last updated 6 days ago on 2026-01-08

Created a month ago on 2025-12-04

About

Detects GenAI tools connecting to unusual domains on macOS. Adversaries may compromise GenAI tools through prompt injection, malicious MCP servers, or poisoned plugins to establish C2 channels or exfiltrate sensitive data to attacker-controlled infrastructure. AI agents with network access can be manipulated to beacon to external servers, download malicious payloads, or transmit harvested credentials and documents.

Tags

Domain: EndpointOS: macOSUse Case: Threat DetectionTactic: Command and ControlData Source: Elastic DefendDomain: LLMMitre Atlas: T0086Language: kuery

Severity

medium

Risk Score

MITRE ATT&CK™

Command and Control (TA0011)(external, opens in a new tab or window)

↳ Application Layer Protocol (T1071)(external, opens in a new tab or window)

License

Elastic License v2(external, opens in a new tab or window)

Definition

Rule Type: New Terms Rule
Integration Pack: Prebuilt Security Detection Rules
Index Patterns: logs-endpoint.events.network*
Related Integrations: endpoint(external, opens in a new tab or window)
Query

✄𐘗text code block:
✄𐘗event.category:network and host.os.type:macos and event.action:connection_attempted and
process.name:(
    Claude or "Claude Helper" or "Claude Helper (Plugin)" or Copilot or Cursor or
    "Cursor Helper" or "Cursor Helper (Plugin)" or GPT4All or Jan or "Jan Helper" or
    KoboldCpp or "LM Studio" or Ollama or Windsurf or "Windsurf Helper" or
    "Windsurf Helper (Plugin)" or bunx or claude or codex or copilot or cursor or deno or
    gemini-cli or genaiscript or gpt4all or grok or jan or koboldcpp or llama-cli or
    llama-server or lmstudio or npx or ollama or pnpm or qwen or textgen or windsurf or yarn
) and destination.domain:(* and not (
    aka.ms or anthropic.com or atlassian.com or cursor.com or cursor.sh or github.com or
    gpt4all.io or hf.co or huggingface.co or lmstudio.ai or localhost or ollama.ai or
    ollama.com or openai.com or *.aka.ms or *.akamaized.net or *.amazonaws.com or
    *.amplitude.com or *.anthropic.com or *.atlassian.com or *.aws.amazon.com or
    *.azure.com or *.cdn.cloudflare.net or *.cloudflare-dns.com or *.cloudflare.com or
    *.cloudflarestorage.com or *.codeium.com or *.cursor.com or *.cursor.sh or
    *.datadoghq.com or *.elastic-cloud.com or *.elastic.co or *.exp-tas.com or
    *.gemini.google.com or *.generativelanguage.googleapis.com or *.github.com or
    *.githubcopilot.com or *.githubusercontent.com or *.gitkraken.com or *.gitkraken.dev or
    *.google.com or *.googleapis.com or *.gpt4all.io or *.grok.x.ai or *.hf.co or
    *.honeycomb.io or *.huggingface.co or *.intercom.io or *.jan.ai or *.launchdarkly.com or
    *.lmstudio.ai or *.microsoft.com or *.mixpanel.com or *.msedge.net or *.npmjs.com or
    *.npmjs.org or *.ollama.ai or *.ollama.com or *.openai.com or *.pypi.org or
    *.r2.cloudflarestorage.com or *.segment.io or *.sentry.io or *.visualstudio.com or
    *.vsassets.io or *.vscode-cdn.net or *.windsurf.ai or *.x.ai or *.yarnpkg.com or
    *.cartocdn.com or *.chatgpt.com or *.ggpht.com or *.recaptcha.net or *.shields.io or
    *.travis-ci.com or *.travis-ci.org or *.ytimg.com or flagcdn.com or opencollective.com
))

Install detection rules in Elastic Security

Detect GenAI Process Connection to Unusual Domain in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(external, opens in a new tab or window).