Attack of the automated ops.

Today we are joined by ⁠Dario Pasquini⁠, Principal Researcher at ⁠RSAC⁠, sharing the team's work on WhenAIOpsBecome “AI Oops”: Subverting LLM-driven IT Operations via Telemetry Manipulation. A first-of-its-kind security analysis showing that LLM-driven AIOps agents can be tricked by manipulated telemetry, turning automation itself into a new attack vector.

The researchers introduce AIOpsDoom, an automated reconnaissance + fuzzing + LLM-driven telemetry-injection attack that performs “adversarial reward-hacking” to coerce agents into harmful remediations—even without prior knowledge of the target and even against some prompt-defense tools. They also present AIOpsShield, a telemetry-sanitization defense that reliably blocks these attacks without harming normal agent performance, underscoring the urgent need for security-aware AIOps design.

The research can be found here:

• ⁠⁠⁠⁠When AIOps Become “AI Oops”: Subverting LLM-driven IT Operations via Telemetry Manipulation⁠