T1682: Query Public AI Services
Adversaries may query publicly accessible artificial intelligence (AI) services, such as large language models (LLMs), to support targeting and operations. In addition to searching websites or databases directly (i.e., Search Open Websites/Domains), adversaries may use AI services to synthesize, aggregate, and analyze publicly available information at scale. This may include identifying individuals or organizations to target, researching organizational structures and personnel, identifying technologies used by target organizations, researching business relationships to develop plausible pretexts for Social Engineering approaches, identifying contact information for use in Phishing or Phishing for Information, or gathering derogatory or sensitive information about individuals that may be used for extortion or coercion.[1][2]
Information gathered through AI services may be leveraged for other behaviors, such as establishing operational resources (i.e., Generate Content or Establish Accounts). For obtaining access to AI tools and services, see Artificial Intelligence.
Analyst context for executives and security teams
Query Public AI Services describes adversaries using publicly accessible AI, including LLMs, to speed up reconnaissance. The business issue is not the AI tool itself; it is that public information about people, technologies, relationships, and contact paths can be aggregated into better targeting, phishing, social engineering, or coercion opportunities before the organization sees any intrusion telemetry.
Executive priority
Treat this as a pre-compromise risk management issue. Leaders should ask what public information would help an adversary identify executives, sensitive teams, business partners, exposed technologies, or believable pretexts. Priority should go to reducing unnecessary public disclosure, maintaining evidence of attack-surface review, and ensuring SOC and IR teams are prepared for AI-assisted reconnaissance feeding phishing or social engineering scenarios.
Technical view
This is an Enterprise ATT&CK reconnaissance technique on the PRE platform. MITRE does not provide official detection text, so defenders should not assume direct visibility into adversary AI queries. SOC and detection teams should validate indirect coverage: public exposure monitoring, external attack surface findings, brand/personnel impersonation monitoring, phishing and phishing-for-information detections, and IR enrichment that links suspicious outreach to publicly available organizational details. Relationship context includes DET0919 as a detection strategy, M1056 Pre-compromise as mitigation, and reported use by Kimsuky and APT42; use that context for threat-informed prioritization without assuming local targeting.
Likely telemetry
- External attack surface and public web exposure inventories
- Public website, careers page, press release, documentation, and metadata review records
- Threat intelligence or brand monitoring related to impersonation, targeting, or exposed organizational details
- Email security, phishing-reporting, and phishing-for-information case data
- Web, DNS, or proxy logs only where AI service use occurs from organization-managed assets; these do not normally reveal external adversary queries
Detection direction
- Acknowledge the primary blind spot: adversaries can query public AI services off-network, leaving little or no enterprise telemetry.
- Use DET0919 relationship context as a prompt to define what your organization can detect indirectly rather than claiming direct detection.
- Tune downstream detections for reconnaissance-enabled outcomes such as targeted phishing, phishing for information, social engineering pretexts, and suspicious contact with named personnel or business units.
- Correlate suspicious outreach with recently published or overly detailed public information, such as org structure, technology disclosures, business relationships, or contact data.
- Separate legitimate employee use of AI services from adversary reconnaissance; internal AI-service logs may support governance and data-leak prevention but are not proof of external adversary activity.
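The correlation step above (suspicious outreach checked against what the organization has recently published) can be run as a small triage rule over phishing-report records. The script below is an added illustration for this page, not MITRE or Glexia code: the exposure inventory, the report records, the sender allowlist and the scoring weights are all constructed assumptions, and the field names are hypothetical. Items published within the last 30 days weigh more because they are the details an AI-assisted aggregation surfaces before staff are used to seeing them referenced.

```python
"""Correlate reported suspicious outreach with an organization's own
public-exposure inventory.  Added illustration, not MITRE or Glexia code;
every record, domain and weight below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Constructed exposure inventory: what the org knows it has published, and when.
EXPOSURE = [
    {"id": "X1", "category": "personnel", "published": date(2025, 3, 3),
     "terms": ["Dana Ortiz", "treasury operations"]},
    {"id": "X2", "category": "technology", "published": date(2025, 3, 10),
     "terms": ["Okta", "Workday"]},
    {"id": "X3", "category": "partner", "published": date(2025, 1, 15),
     "terms": ["Northwind Logistics"]},
]

# Constructed records from a user phishing-report workflow.
REPORTS = [
    {"id": "R1", "received": date(2025, 3, 12),
     "sender_domain": "northwind-logistics-billing.example",
     "recipient": "dana.ortiz@corp.example",
     "text": "Hi Dana, following the Northwind Logistics contract, treasury "
             "operations needs to re-verify the Workday vendor record via Okta "
             "before Friday."},
    {"id": "R2", "received": date(2025, 3, 12),
     "sender_domain": "newsletter.example",
     "recipient": "all-staff@corp.example",
     "text": "Weekly industry digest: logistics sector outlook."},
    {"id": "R3", "received": date(2025, 3, 13),
     "sender_domain": "gmail.example",
     "recipient": "helpdesk@corp.example",
     "text": "I'm the new contractor for treasury operations, can you reset "
             "my Okta MFA?"},
]

RECENT_DAYS = 30                                     # assumed recency window
KNOWN_SENDER_DOMAINS = {"corp.example", "newsletter.example"}  # constructed allowlist


@dataclass
class Finding:
    report_id: str
    score: int
    matched: list[str] = field(default_factory=list)   # exposure item ids referenced


def _mentions(text: str, term: str) -> bool:
    """Whole-word, case-insensitive match so 'logistics' does not hit 'Northwind Logistics'."""
    return re.search(r"\b" + re.escape(term) + r"\b", text, re.IGNORECASE) is not None


def score_report(report: dict, exposure: list[dict] = EXPOSURE) -> Finding:
    """Score one report by the distinct published-exposure categories it references.

    Each category counts once (so a page full of names cannot inflate the score);
    a recently published item scores 2, an older one 1; an unknown external sender
    that references any published detail adds 1.
    """
    finding = Finding(report["id"], 0)
    seen_categories: set[str] = set()
    for item in exposure:
        if not any(_mentions(report["text"], t) for t in item["terms"]):
            continue
        finding.matched.append(item["id"])
        if item["category"] in seen_categories:
            continue
        seen_categories.add(item["category"])
        age_days = (report["received"] - item["published"]).days
        finding.score += 2 if 0 <= age_days <= RECENT_DAYS else 1
    if finding.matched and report["sender_domain"] not in KNOWN_SENDER_DOMAINS:
        finding.score += 1
    return finding


def triage(reports=REPORTS, exposure=EXPOSURE, threshold: int = 3) -> list[Finding]:
    """Return the reports worth an analyst's time, highest score first."""
    scored = (score_report(r, exposure) for r in reports)
    return sorted((f for f in scored if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage():
        print(f.report_id, f.score, f.matched)
```

On the constructed data, R1 (a lookalike partner domain referencing a named function, two published products and the partner) and R3 (an unknown sender asking the help desk for an MFA reset on a named team) are surfaced; the newsletter is not. The rule proves nothing about how the adversary gathered the details, which is the blind spot noted above; it only ranks the outreach that an aggregation of your own public data would enable.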
Mitigation priorities
- Apply M1056 Pre-compromise principles: reduce the information that makes targeting easier before an intrusion begins.
- Review and limit unnecessary public disclosure of personnel details, org charts, contact information, technology stacks, business relationships, and sensitive narratives that could support coercion or pretexting.
- Maintain recurring external exposure reviews and document remediation for audit and risk evidence.
- Prepare executives, help desks, recruiters, communications teams, and other public-facing staff for plausible AI-assisted social engineering and phishing-for-information attempts.
- Feed exposure findings into SOC playbooks, incident response triage, and security awareness so suspicious outreach can be evaluated against known public data.
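The disclosure review in the list above can be made repeatable by scanning the organization's own public pages for the categories named there (individual contact paths, named person plus sensitive function, reporting lines, product versions, partner relationships). The script below is an added illustration for this page, not MITRE or Glexia code: the page excerpts, the rule patterns and the severity weights are constructed assumptions, and role mailboxes such as press@ are deliberately left alone because they are intended contact paths.

```python
"""Flag public-page content that makes targeting easier.  Added illustration,
not MITRE or Glexia code; the excerpts, rules and severities are constructed."""
import re

# Constructed excerpts of the kind a reviewer would pull from the org's own site.
PUBLIC_PAGES = {
    "/about/leadership": "Dana Ortiz, Director of Treasury Operations, reports to "
                         "CFO Lee Park. Contact: dana.ortiz@corp.example, +1 555 0142.",
    "/press/2025-03": "corp.example selects Northwind Logistics as exclusive freight partner.",
    "/careers/sre": "You will operate our Okta SSO, Workday HR, and Jenkins 2.440 build fleet.",
    "/contact": "Media enquiries: press@corp.example",
}

# Shared mailboxes are intended contact paths and are not flagged.
ROLE_MAILBOXES = ("press", "careers", "info", "support", "sales")

# (category, severity, pattern, why it matters) -- constructed review rules.
RULES = [
    ("personal_email", 3, r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b",
     "individual contact path usable for phishing"),
    ("phone", 2, r"\+?\d[\d\s().-]{7,}\d",
     "direct contact path usable for vishing or pretexting"),
    ("org_chart", 3,
     r"\b[A-Z][a-z]+ [A-Z][a-z]+, (?:Director|Head|VP|Manager) of [A-Z][\w ]+?(?=[.,])",
     "named person tied to a sensitive function"),
    ("reporting_line", 2, r"\breports to\b",
     "hierarchy that supports executive impersonation"),
    ("tech_version", 3, r"\b[A-Z][A-Za-z]+ \d+\.\d+(?:\.\d+)?\b",
     "product with version, narrows an adversary's research"),
    ("tech_product", 1, r"\b(?:Okta|Workday|Jenkins)\b",
     "technology stack disclosure"),
    ("partner", 2, r"\b(?:exclusive|preferred) (?:\w+ )?partner\b",
     "business relationship usable as a pretext"),
]


def review_page(path, text):
    """Apply every rule to one page and return a finding per match."""
    findings = []
    for category, severity, pattern, note in RULES:
        for m in re.finditer(pattern, text):
            value = m.group(0).strip()
            if category == "personal_email" and value.split("@")[0].lower() in ROLE_MAILBOXES:
                continue
            findings.append({"path": path, "category": category,
                             "severity": severity, "value": value, "note": note})
    return findings


def review_site(pages=PUBLIC_PAGES):
    """Review every page; highest severity first, then by path, for a remediation list."""
    findings = [f for path, text in pages.items() for f in review_page(path, text)]
    return sorted(findings, key=lambda f: (-f["severity"], f["path"]))


def exposure_score(findings):
    """Single number to track across recurring reviews (lower after remediation)."""
    return sum(f["severity"] for f in findings)


if __name__ == "__main__":
    results = review_site()
    for f in results:
        print(f"{f['severity']} {f['path']:<18} {f['category']:<15} {f['value']}  ({f['note']})")
    print("exposure score:", exposure_score(results))
```

Run against real pages, the output is the evidence trail the recurring review needs: each finding names the page, the category and the published value, and the score can be recorded before and after remediation. The product list in the tech_product rule is whatever the organization actually runs; the sample names are placeholders.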
Analyst notes and limits
The technique is important because AI can scale synthesis of information that was already public. The supplied relationships identify Kimsuky and APT42 as groups using this behavior and M1056 as the mitigation category, but they do not establish that any specific organization is being targeted. Defensive value comes from reducing exploitable public information and strengthening detection of the follow-on behaviors described by ATT&CK.
Official ATT&CK detection content is not provided for T1682. Direct enterprise detection is inherently limited when adversaries use third-party public AI services outside the victim environment. Local conclusions require organization-specific public exposure data, telemetry from downstream phishing/social-engineering events, and any available threat intelligence.
How security teams should use this page
Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.
Groups, software, and campaigns
G1044: APT42
APT42 is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.[1] The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.[1] APT42 starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.[1] Finally, APT42 exfiltrates data using native features and open-source tools.[2]
APT42 activities have been linked to Magic Hound by other commercial vendors. While there are behavior and software overlaps between Magic Hound and APT42, they appear to be distinct entities and are tracked as separate entities by their originating vendor.
G0094: Kimsuky
Kimsuky is a Democratic People's Republic of Korea (DPRK)-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter experts in various fields. Its operations expanded to include the United Nations and organizations in the government, education, business services, and manufacturing sectors across the United States, Japan, Russia, and Europe. Kimsuky has focused collection on foreign policy and national security issues tied to the Korean Peninsula, nuclear policy, and sanctions. Kimsuky operations have overlapped with those of other North Korean state-sponsored cyber espionage actors as a result of ad hoc collaborations or other limited resource sharing.[1][2][3][4][5][6]
Kimsuky was assessed to be responsible for the 2014 Korea Hydro & Nuclear Power Co. compromise; other notable campaigns include Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019).[7][8][9] In 2023, Kimsuky was observed using commercial large language models (LLMs) to assist with vulnerability research, scripting, social engineering and reconnaissance.[10]
DPRK threat actor cluster boundaries overlap in open source reporting, with some security researchers consolidating all attributed North Korean state-sponsored cyber activity under Lazarus Group, rather than tracking operationally distinct subgroups.
Object version and sync metadata
The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, the table lets you compare the same object across releases by raw hash and MITRE modification timestamp. For MITRE's own release notes and roadmap, see the ATT&CK resources Updates page.
Imported snapshots across ATT&CK releases (1)
| Release | Bundle imported | Object version | Modified | Status | Raw hash |
|---|---|---|---|---|---|
| 19.1 | | 1.0 | | Current bundle | 5b9e9621bce9… |
Mirrored ATT&CK source object
The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.
External references and citations
MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.
[1] MSFT-AI: Microsoft Threat Intelligence. (2024, February 14). Staying ahead of threat actors in the age of AI. Retrieved March 11, 2024.
[2] GTIG AI Threat Tracker: Google Threat Intelligence Group. (2026, February 12). GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use. Retrieved March 25, 2026.
[3] MITRE ATT&CK. T1682: Query Public AI Services.
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.