AI Artifact Collection
Adversaries may collect AI artifacts for Exfiltration or for use in AI Attack Staging. AI artifacts include models and datasets as well as other telemetry data produced when interacting with a model.
Collection
Realized
AML.TA0009 · ATLAS tactic
Collection
Overview
The adversary is trying to gather AI artifacts and other related information relevant to their goal.
Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the AI artifacts, or use the collected information to stage future operations. Common target sources include software repositories, container registries, model repositories, and object stores.
6 mapped techniques · ATLAS 2026.05
Data from Information Repositories
Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid adversaries in further objectives, or di
Collection
Realized
Data from Local System
Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration. This can include basic fingerprinting information and sensitive data such as ssh keys.
Collection
Realized
Data from AI Services
Adversaries may use their access to a victim organization's AI enabled services to collect proprietary or otherwise sensitive information. As organizations adopt generative AI in centralized services for accessing an organization's data, such as with chat agents which can access retrieval augmented generation (RAG) dat
Collection
Demonstrated
RAG Databases
Adversaries may prompt the AI service to retrieve data from a RAG database. This can include the majority of an organization's internal documents.
Collection
Demonstrated
AI Agent Tools
Adversaries may prompt the AI service to invoke various tools the agent has access to. Tools may retrieve data from different APIs or services in an organization.
Collection
Demonstrated