Valid Accounts
This technique has been observed in real-world attacks on AI systems.
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access. Credentials may take the form of usernames and passwords of individual user accounts or API keys that provide access to various AI resources and services.
Compromised credentials may provide access to additional AI artifacts and allow the adversary to perform [Discover AI Artifacts](/techniques/AML.T0007). Compromised credentials may also grant an adversary increased privileges such as write access to AI artifacts used during development or production.