splunk · nasbench · Mar 14, 2026 · Mar 12, 2026 · Mar 12, 2026 · Mar 13, 2026
@@ -0,0 +1,59 @@
+name: Linux Auditd AI CLI Permission Override Activated
+id: 737e8baa-d44e-4fa9-8281-24056ed424c0
+version: 1
+date: '2026-03-12'
+author: Teoderick Contreras, Splunk
+status: production
+type: Anomaly
+description: |
+    This detection identifies when an AI command-line tool is launched in an unsafe mode that bypasses normal safety checks and user approvals.
+    For instance, running claude --dangerously-skip-permissions skips all safety restrictions, allowing the tool to operate freely, while gemini --yolo automatically approves all actions without prompting the user.
+    These modes, often called permission overrides or YOLO mode, let the AI execute commands, modify files, or perform tasks without confirmation.
+    Detecting their use is important to prevent unintended or potentially harmful operations.
+data_source:
+    - Linux Auditd Proctitle
+search: |-
+    `linux_auditd` (proctitle = "*gemini*" AND proctitle IN ("*--yolo*", "*-y *")) OR
+    (proctitle = "*claude*" AND proctitle= "*--dangerously-skip-permissions*")
+    | rename host as dest
+    | stats count min(_time) as firstTime max(_time) as lastTime
+      BY proctitle dest
+    | `security_content_ctime(firstTime)`
+    | `security_content_ctime(lastTime)` | `linux_auditd_ai_cli_permission_override_activated_filter`
+how_to_implement: To implement this detection, the process begins by ingesting auditd data, that consist SYSCALL, TYPE, EXECVE and PROCTITLE events, which captures command-line executions and process details on Unix/Linux systems. These logs should be ingested and processed using Splunk Add-on for Unix and Linux (https://splunkbase.splunk.com/app/833), which is essential for correctly parsing and categorizing the data. The next step involves normalizing the field names  to match the field names set by the Splunk Common Information Model (CIM) to ensure consistency across different data sources and enhance the efficiency of data modeling. This approach enables effective monitoring and detection of linux endpoints where auditd is deployed
+known_false_positives: An administrator or network operator might execute this command legitimately. Please apply the necessary filters to tune that activity.
+references:
+    - https://x.com/Mandiant/status/2031097693620081042?s=20
+drilldown_searches:
+    - name: View the detection results for - "$dest$"
+      search: '%original_detection_search% | search  dest = "$dest$"'
+      earliest_offset: $info_min_time$
+      latest_offset: $info_max_time$
+    - name: View risk events for the last 7 days for - "$dest$"
+      search: '| from datamodel Risk.All_Risk | search normalized_risk_object IN ("$dest$") starthoursago=168  | stats count min(_time) as firstTime max(_time) as lastTime values(search_name) as "Search Name" values(risk_message) as "Risk Message" values(analyticstories) as "Analytic Stories" values(annotations._all) as "Annotations" values(annotations.mitre_attack.mitre_tactic) as "ATT&CK Tactics" by normalized_risk_object | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`'
+      earliest_offset: $info_min_time$
+      latest_offset: $info_max_time$
+rba:
+    message: A [$proctitle$] event occurred on host - [$dest$] to bypass AI safety execution with permission override.
+    risk_objects:
+        - field: dest
+          type: system
+          score: 20
+    threat_objects: []
+tags:
+    analytic_story:
+        - QuietVault
+    asset_type: Endpoint
+    mitre_attack_id:
+        - T1480
+    product:
+        - Splunk Enterprise
+        - Splunk Enterprise Security
+        - Splunk Cloud
+    security_domain: endpoint
+tests:
+    - name: True Positive Test
+      attack_data:
+        - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log
+          source: auditd
+          sourcetype: auditd
@@ -1,7 +1,7 @@
 name: Linux Auditd Unix Shell Configuration Modification
 id: 66f737c6-3f7f-46ed-8e9b-cc0e5bf01f04
 version: 9
-date: '2026-03-10'
+date: '2026-03-12'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
@@ -85,6 +85,7 @@ tags:
         - Linux Privilege Escalation
         - Linux Persistence Techniques
         - Compromised Linux Host
+        - QuietVault
     asset_type: Endpoint
     mitre_attack_id:
         - T1546.004

@@ -1,7 +1,7 @@
 name: Linux Auditd Whoami User Discovery
 id: d1ff2e22-310d-446a-80b3-faedaa7b3b52
 version: 7
-date: '2026-03-10'
+date: '2026-03-12'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
@@ -45,6 +45,7 @@ tags:
         - Linux Privilege Escalation
         - Linux Persistence Techniques
         - Compromised Linux Host
+        - QuietVault
     asset_type: Endpoint
     mitre_attack_id:
         - T1033

@@ -0,0 +1,18 @@
+name: QuietVault
+id: abe8a796-76dd-47df-b525-e2024213560b
+version: 1
+date: '2026-03-12'
+author: Teoderick Contreras, Splunk
+status: production
+description: QUIETVAULT is a JavaScript‑based credential‑stealing malware identified by Google’s Threat Intelligence Group that targets GitHub and npm tokens by exfiltrating them to a publicly accessible GitHub repository. In addition to stealing these credentials, QUIETVAULT leverages on‑host installed AI CLI tools and crafted AI prompts to search the infected system for other sensitive secrets, which it then also exfiltrates. This reflects a broader trend of threat actors integrating AI‑driven tooling into malware to enhance automated discovery and data theft in real‑world operations, signaling a shift toward more adaptable and intelligent malicious software.
+narrative: In recent threat intelligence reporting, security researchers uncovered a new AI‑assisted malware strain called QUIETVAULT that quietly infiltrates systems to steal valuable credentials. Once inside, it not only captures GitHub and npm tokens but also uses local AI command‑line tools with crafted prompts to hunt for other secrets stored on the machine and upload them to a public repository. This demonstrates how attackers are adapting artificial intelligence into their tools to automate deeper data harvesting and expand their reach, increasing the risk and complexity of modern cybercrime.
+references:
+  - https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools?linkId=60744249
+tags:
+  category:
+  - Malware
+  product:
+  - Splunk Enterprise
+  - Splunk Enterprise Security
+  - Splunk Cloud
+  usecase: Advanced Threat Detection