ATLASAML.T0082
ATLAS index
AML.T0082
RAG Credential Harvesting
Adversaries may attempt to use their access to a large language model (LLM) on the victim's system to collect credentials. Credentials may be stored in internal documents which can inadvertently be ingested into a RAG database, where they can ultimately be retrieved by an AI agent.
- Framework
- MITRE ATLAS
- Maturity
- Demonstrated
- Platforms
- Generative AI, Agentic AI
- Release
- 2026.05
Overview
Adversaries may attempt to use their access to a large language model (LLM) on the victim's system to collect credentials. Credentials may be stored in internal documents which can inadvertently be ingested into a RAG database, where they can ultimately be retrieved by an AI agent.