Data Sources & Components

7 STIX data sources with 19 data components for detecting adversary behaviors in LLM-integrated development environments.

Agent Tool Invocations

Records of tool invocations made by autonomous coding agents, capturing tool selection, authorization, execution, and results.

Windows macOS Linux Host Application
├─

Tool Authorization Event

Events capturing authorization decisions for agent tool invocations, including approvals, rejections, and auto-approvals.

detects: AIDE-004 — MCP Server Configuration Tampering AIDE-005 — Agent Tool-Invocation Hijacking
├─

Tool Call Response

Events capturing the response returned by a tool invocation, including output content and status.

detects: AIDE-008 — Autonomous Agent Command Execution Abuse AIDE-005 — Agent Tool-Invocation Hijacking
├─

Tool Call Request

Events capturing an agent's request to invoke a specific tool, including tool name, arguments, and triggering context.

detects: AIDE-014 — Agent Permission Inheritance Exploitation AIDE-005 — Agent Tool-Invocation Hijacking AIDE-015 — LLM-Directed Environment Discovery AIDE-016 — Agent-Facilitated Lateral Movement AIDE-008 — Autonomous Agent Command Execution Abuse AIDE-004 — MCP Server Configuration Tampering

Code Generation Events

Records of code generation and completion events, capturing the lifecycle from suggestion to acceptance or rejection.

Windows macOS Linux Host Application
├─

Code Suggestion Generated

Events capturing each code suggestion produced by the LLM, including code content, context, and security scan results.

detects: AIDE-007 — Adversarial Code Generation Steering AIDE-003 — Cross-Context Adversarial Prompt Injection AIDE-019 — Self-Replicating Prompt Propagation AIDE-009 — AI-Assisted Supply Chain Propagation
├─

Code Suggestion Accepted/Rejected

Events capturing the developer's decision to accept or reject a code suggestion.

detects: AIDE-009 — AI-Assisted Supply Chain Propagation AIDE-007 — Adversarial Code Generation Steering

Context Assembly Pipeline

Records of the IDE's context assembly process that selects, retrieves, and packages data into the LLM's context window.

Windows macOS Linux Host Application
├─

Repository Context Retrieval

Events capturing retrieval of context from remote repositories, package registries, or documentation sources.

detects: AIDE-019 — Self-Replicating Prompt Propagation AIDE-009 — AI-Assisted Supply Chain Propagation AIDE-012 — Code Completion Model Poisoning
├─

External Context Fetch

Events capturing context retrieval from external sources beyond repositories including web pages and MCP resources.

detects: AIDE-009 — AI-Assisted Supply Chain Propagation AIDE-003 — Cross-Context Adversarial Prompt Injection
├─

File Context Inclusion

Events capturing which local files are included in the LLM context window for each inference request.

detects: AIDE-009 — AI-Assisted Supply Chain Propagation AIDE-018 — IDE Session Memory Persistence Poisoning AIDE-013 — LLM-Mediated Codebase Reconnaissance AIDE-019 — Self-Replicating Prompt Propagation AIDE-003 — Cross-Context Adversarial Prompt Injection AIDE-011 — Context Window Sensitive Data Exfiltration

Extension Lifecycle

Records of IDE extension installation, configuration, and runtime behavior, with focus on extensions interacting with LLM subsystems.

Windows macOS Linux Host Application
├─

Extension API Call

Events capturing runtime API calls made by extensions, particularly those interacting with LLM pipelines.

detects: AIDE-010 — LLM Extension/Plugin Trojanization
├─

Extension Installation

Events capturing the installation or update of IDE extensions.

detects: AIDE-010 — LLM Extension/Plugin Trojanization
├─

Extension Configuration Change

Events capturing changes to extension configuration, including changes by LLM agents.

detects: AIDE-010 — LLM Extension/Plugin Trojanization

IDE Configuration Store

Records of changes to IDE configuration files that influence AI assistant behavior, tool registration, and security settings.

Windows macOS Linux Host Application
├─

Configuration File Modification

Events capturing modifications to AI-relevant configuration files within the IDE and project workspace.

detects: AIDE-004 — MCP Server Configuration Tampering AIDE-002 — Steganographic Instruction Embedding AIDE-001 — IDE Configuration File Poisoning AIDE-018 — IDE Session Memory Persistence Poisoning
├─

Configuration File Creation

Events capturing creation of new AI-relevant configuration files, particularly when created by LLM agents.

detects: AIDE-001 — IDE Configuration File Poisoning AIDE-018 — IDE Session Memory Persistence Poisoning AIDE-004 — MCP Server Configuration Tampering

LLM Inference Logs

Records generated by the LLM inference pipeline within the IDE, capturing inputs, outputs, and metadata of each inference request.

Windows macOS Linux Host Application
├─

Token Metadata

Metadata about inference requests including token counts, model selection, latency, and processing parameters.

detects: AIDE-003 — Cross-Context Adversarial Prompt Injection AIDE-011 — Context Window Sensitive Data Exfiltration AIDE-017 — LLM API Traffic as Covert C2 Channel
├─

Prompt Content

Full text of prompts sent to the LLM including system prompts, user instructions, and assembled context.

detects: AIDE-007 — Adversarial Code Generation Steering AIDE-011 — Context Window Sensitive Data Exfiltration AIDE-001 — IDE Configuration File Poisoning AIDE-003 — Cross-Context Adversarial Prompt Injection AIDE-006 — LLM-Mediated Credential Harvesting AIDE-018 — IDE Session Memory Persistence Poisoning AIDE-013 — LLM-Mediated Codebase Reconnaissance AIDE-019 — Self-Replicating Prompt Propagation AIDE-002 — Steganographic Instruction Embedding
├─

Response Content

Full text of LLM responses including generated code, explanations, and tool call requests.

detects: AIDE-003 — Cross-Context Adversarial Prompt Injection AIDE-007 — Adversarial Code Generation Steering AIDE-011 — Context Window Sensitive Data Exfiltration AIDE-017 — LLM API Traffic as Covert C2 Channel AIDE-019 — Self-Replicating Prompt Propagation

MCP Protocol Traffic

Records of Model Context Protocol communication between IDE and MCP tool servers, capturing server discovery, tool registration, and resource access.

Windows macOS Linux Host Application
├─

Server Registration

Events capturing the registration or discovery of MCP tool servers by the IDE.

detects: AIDE-017 — LLM API Traffic as Covert C2 Channel AIDE-004 — MCP Server Configuration Tampering
├─

Tool Discovery

Events capturing the IDE's discovery of available tools from registered MCP servers.

detects: AIDE-005 — Agent Tool-Invocation Hijacking AIDE-004 — MCP Server Configuration Tampering
├─

Resource Access

Events capturing the IDE's access to resources provided by MCP servers.

detects: AIDE-013 — LLM-Mediated Codebase Reconnaissance AIDE-005 — Agent Tool-Invocation Hijacking
Ask about AIDE-TACT
Set API key in Settings
Thinking...

No account? Have an account?