
Insider Threat Matrix™
  • ID: ME030.002
  • Created: 18th March 2026
  • Updated: 18th March 2026
  • Contributor: The ITM Team

AI Platform System Interaction Capability

A subject has access to an artificial intelligence (AI) platform that is integrated with internal systems and capable of interacting with those systems through APIs, service accounts, automation frameworks, or agent interaction protocols (e.g., Model Context Protocol (MCP)), where the platform operates with permissions or capabilities that exceed typical user-level access controls.

 

These platforms are connected to enterprise systems such as identity services, ticketing platforms, communication tools, file storage systems, and other operational applications. Integration enables the platform to execute actions, retrieve data, or interact with system functionality on behalf of the user.

 

In some implementations, the platform is granted broad or persistent permissions to support automation and cross-system functionality. These permissions may not align precisely with the subject’s role-based access and may allow the platform to perform actions or retrieve data beyond what the subject could achieve through direct interaction with the underlying systems.

 

The AI platform may:

  • Execute actions against internal systems through API integrations.
  • Operate using service accounts with elevated or persistent privileges.
  • Trigger workflows or automation processes across multiple systems.
  • Interact with system functionality outside standard user interfaces.
  • Perform actions or retrieve data using permissions not directly available to the subject.

 

This interaction model creates a divergence between the subject’s direct capabilities and the effective capabilities available through the AI platform. Actions that would normally require elevated access, multi-system coordination, or additional authorization may be performed through the platform’s integrated functionality.

 

The presence of AI platforms with system interaction capability and insufficiently constrained permissions provides the subject with a means to interact with internal systems and services beyond their intended role-based authority.
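
The divergence described above can be measured by comparing the grants each platform tool uses through its service account with the grants the subject's role holds directly. The following is an added example, not part of the Insider Threat Matrix entry; the role name, tool names and grant model are constructed assumptions.

```python
# Added example with constructed data; every name here is hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    system: str  # enterprise system the grant applies to, e.g. "ticketing"
    action: str  # operation permitted on that system, e.g. "read"


# Constructed sample: what the subject's role allows through direct access.
ROLE_GRANTS = {
    "support_analyst": {
        Grant("ticketing", "read"),
        Grant("ticketing", "write"),
        Grant("file_storage", "read"),
    },
}

# Constructed sample: grants each platform tool uses via the service account.
PLATFORM_TOOLS = {
    "ticket_update": {Grant("ticketing", "write")},
    "directory_lookup": {Grant("identity", "read")},
    "reset_mfa": {Grant("identity", "admin")},
    "share_file": {Grant("file_storage", "read"), Grant("file_storage", "write")},
}


def excess_capabilities(role, role_grants=ROLE_GRANTS, tools=PLATFORM_TOOLS):
    """Return {tool: grants the platform uses that the role does not hold}."""
    allowed = role_grants.get(role, set())
    return {tool: needs - allowed for tool, needs in tools.items() if needs - allowed}


def authorize_tool_call(role, tool, role_grants=ROLE_GRANTS, tools=PLATFORM_TOOLS):
    """Permit a tool call only when the subject's own role covers every grant it uses."""
    if tool not in tools:
        return False  # unknown tools are denied by default
    return tools[tool] <= role_grants.get(role, set())


if __name__ == "__main__":
    # Audit report: tools through which the role gains more than its direct access.
    for tool, extra in sorted(excess_capabilities("support_analyst").items()):
        print(tool, sorted((g.system, g.action) for g in extra))
```

`excess_capabilities` serves as a periodic audit of the integration's permissions, while `authorize_tool_call` is the same comparison applied as a per-request check against the invoking subject rather than the service account.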