MITRE ATT&CK® Detection Strategy

DET0919: Detection of Query Public AI Services


Domain: Enterprise. ID: DET0919. Type: Detection Strategy. Object version: 1.0.
Glexia's Take

Analyst context for executives and security teams

Analyst confidence Medium

DET0919 is a detection strategy for recognizing adversary reconnaissance that uses public AI services to research targets, synthesize open-source information, or support operational planning. Its business significance is not that AI access is inherently malicious, but that public AI services can accelerate pre-attack research while leaving little or no evidence inside traditional endpoint or network controls unless the organization has relevant web, proxy, identity, or acceptable-use visibility.

Executive priority

Treat this as a governance and visibility question for reconnaissance risk. Leaders should ask whether the organization can distinguish approved employee use of public AI services from suspicious research patterns, whether policy and logging support investigations, and whether SOC and incident response teams have evidence to explain possible pre-incident exposure. This is relevant to resilience, compliance evidence, and risk prioritization because the ATT&CK relationship ties the strategy to reconnaissance activity before direct compromise may be visible.

Technical view

The supplied ATT&CK object has no official detection text, platforms, or tactics, but it detects T1682, Query Public AI Services, which is associated with reconnaissance and the PRE platform. SOC and detection teams should validate whether they can observe access to public AI services and correlate that activity with user identity, source network, timing, destination, and business context. Detection logic should focus on anomalous or policy-relevant use rather than assuming all AI-service access is hostile.

Likely telemetry

  • Web proxy, secure web gateway, DNS, or firewall records showing access to public AI service domains where available
  • Identity and access context for the user, device, or network source associated with AI-service queries
  • Cloud or SaaS access logs if public AI services are accessed through managed browsers, CASB, or enterprise controls
  • Endpoint or browser activity metadata where collection is authorized and appropriate
  • Policy exceptions, approved AI-use records, and business justification data to reduce false positives

Detection direction

  • Inventory which public AI services are visible in existing web, DNS, identity, and SaaS telemetry; the ATT&CK object does not specify a required platform or detection method.
  • Baseline normal business use so detections do not over-alert on sanctioned productivity, research, engineering, or security activity.
  • Prioritize correlation over single-event alerts: unusual user, unusual source, unusual volume, off-hours access, or access shortly before other reconnaissance indicators may be more meaningful.
  • Document blind spots where personal devices, unmanaged networks, encrypted traffic, or direct consumer-service access bypass enterprise logging.
  • Use the relationship to T1682 as context: this is reconnaissance-oriented detection, so absence of endpoint compromise evidence does not rule out relevance.
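One way to put the correlation guidance above into practice, as an added example that is not part of the ATT&CK object or of Glexia's page: it runs over constructed proxy log lines, treats the AI-service host inventory, managed network range, approved-user list and business hours as assumed local inputs, and reports a user only when two or more weak signals (unusual user, unusual source, off-hours access, unusual volume) coincide.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines for this example (not from any real system).
# Assumed record format: "<ISO timestamp> <user> <source IP> <destination host>".
PROXY_LOG = """\
2024-05-06T09:12:01 alice 10.1.1.5 chat.example-ai.test
2024-05-06T22:05:30 alice 10.1.1.5 chat.example-ai.test
2024-05-06T10:05:44 bob 10.1.2.9 api.example-ai.test
2024-05-06T11:30:00 carol 10.1.3.2 intranet.corp.test
2024-05-06T23:10:03 mallory 203.0.113.7 chat.example-ai.test
2024-05-06T23:11:20 mallory 203.0.113.7 chat.example-ai.test
2024-05-06T23:12:41 mallory 203.0.113.7 chat.example-ai.test
2024-05-06T23:14:09 mallory 203.0.113.7 chat.example-ai.test
"""

# Local inputs the strategy expects you to supply yourself (placeholder values):
# inventoried AI-service hosts, the managed network range, approved users.
AI_SERVICE_HOSTS = {"chat.example-ai.test", "api.example-ai.test"}
MANAGED_NETWORK = ipaddress.ip_network("10.0.0.0/8")
APPROVED_USERS = {"alice", "bob"}
BUSINESS_HOURS = range(8, 18)  # local hours treated as baseline-normal
VOLUME_THRESHOLD = 3           # AI queries per user above which volume is unusual


def parse_log(text):
    """Yield (timestamp, user, source IP, host) tuples from the log text."""
    for line in text.splitlines():
        ts, user, src, host = line.split()
        yield datetime.fromisoformat(ts), user, ipaddress.ip_address(src), host


def correlate(log_text, min_signals=2):
    """Map users to their sorted weak signals when at least min_signals coincide."""
    per_user = defaultdict(lambda: {"count": 0, "signals": set()})
    for ts, user, src, host in parse_log(log_text):
        if host not in AI_SERVICE_HOSTS:
            continue  # not AI-service traffic; ignored by this detection
        rec = per_user[user]
        rec["count"] += 1
        if user not in APPROVED_USERS:
            rec["signals"].add("unusual_user")
        if src not in MANAGED_NETWORK:
            rec["signals"].add("unusual_source")
        if ts.hour not in BUSINESS_HOURS:
            rec["signals"].add("off_hours")
        if rec["count"] > VOLUME_THRESHOLD:
            rec["signals"].add("unusual_volume")
    return {u: sorted(r["signals"]) for u, r in per_user.items()
            if len(r["signals"]) >= min_signals}
```

With the default threshold only the user combining all four signals is reported; lowering min_signals to 1 also surfaces the approved user's single off-hours query, which is the over-alerting the baseline step is meant to avoid.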

Mitigation priorities

  • Establish or confirm an AI acceptable-use policy that defines approved services, data handling expectations, and investigation boundaries.
  • Route managed-user access through logging and policy-enforcement points where feasible, such as web security, DNS, identity, or SaaS controls.
  • Maintain allowlists, blocklists, or review workflows based on business need rather than applying a one-size-fits-all restriction.
  • Train SOC and IR teams on how AI-service access may appear in logs and how to separate legitimate usage from suspicious reconnaissance context.
  • Preserve audit evidence showing policy, logging coverage, exceptions, and response procedures for regulated or high-risk environments.

Analyst notes and limits

This take is based on the detection strategy object DET0919 and its relationship to T1682, Query Public AI Services. Because the official description and official detection fields are not provided, the guidance emphasizes validation of visibility, policy, and correlation rather than asserting specific analytics or guaranteed coverage.

ATT&CK does not provide platforms, tactics, detection text, or implementation details for this detection strategy in the supplied fields. Local service inventory, logging architecture, privacy requirements, and approved AI-use policy are required before deciding whether specific activity is suspicious.

Official MITRE ATT&CK definition

Detection of Query Public AI Services

No official description is available in the imported ATT&CK source object.

View the same entry on attack.mitre.org (MITRE-hosted reference; in-page links above use the Glexia ATT&CK library.)

Glexia analysis

How security teams should use this page

Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.

ATT&CK relationship table

Techniques used

This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.

1 row

Domain: Enterprise
ID: T1682
Name: Query Public AI Services
Relationship / procedure: This object detects Query Public AI Services.
Change history

Object version and sync metadata

The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE's own release notes and roadmap, see ATT&CK resources: Updates.

ATT&CK release: 19.1
Object version: 1.0
Created:
Modified:
Raw hash: acd61cc3c7189759...

Imported snapshots across ATT&CK releases (1)

Release: 19.1
Bundle imported:
Object version: 1.0
Modified:
Status: Current bundle
Raw hash: acd61cc3c718…
Raw source

Mirrored ATT&CK source object

The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.

Source references

External references and citations

MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.

  1. mitre-attack: DET0919 (source URL)

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.