Infringement
Codebase Integrity Compromise
Data Loss
Delegated Execution via Artificial Intelligence Agents
Denial of Service
Digital Defacement
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Automated Transcription
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Screen Sharing
Exfiltration via SMS/MMS
Exfiltration via Web Service
External Credential Sharing
Harassment and Discrimination
Inappropriate Web Browsing
Installing Malicious Software
Installing Unapproved Software
Internal Credential Sharing
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Presence in Restricted Physical Areas
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF034
- Created: 28th April 2026
- Updated: 28th April 2026
- Contributor: The ITM Team
Exfiltration via Automated Transcription
Exfiltration via automated transcription refers to the capture and conversion of spoken information into structured, persistent data through the use of transcription technologies, including AI-enabled note-taking tools, meeting assistants, and speech-to-text systems.
Unlike traditional media capture techniques, this behavior does not merely reproduce information, it transforms ephemeral verbal communication into searchable, shareable, and analyzable content. This significantly increases the utility and scalability of exfiltrated data, enabling subjects to accumulate large volumes of sensitive information over time with minimal manual effort.
This technique may occur using external tools operating outside organizational control or through misuse of approved or embedded transcription capabilities within enterprise platforms. As a result, it spans both out-of-band and in-band exfiltration paths, making it distinct from media capture behaviors.
In addition to software-based transcription tools, subjects may leverage dedicated or repurposed hardware to capture audio streams for later transcription or processing. This includes the use of intermediary devices capable of intercepting microphone input or headphone output, such as inline audio capture adapters, modified peripherals, or secondary recording devices connected to audio interfaces.
These methods enable the subject to capture high-quality audio directly from system inputs or outputs without relying on visible applications or introducing detectable software artifacts. In such cases, audio may be recorded covertly and later processed through transcription tools outside the organizational environment, further separating the point of capture from the point of transformation and exfiltration.
Exfiltration via automated transcription is particularly effective in environments where sensitive information is frequently communicated verbally, including strategic discussions, incident response, legal proceedings, and technical collaboration. The presence of this behavior may indicate deliberate collection of high-value conversational intelligence, especially where transcription outputs are retained, aggregated, or transferred beyond approved boundaries.
From an investigative perspective, this technique introduces a shift from event-based capture to continuous collection, where subjects build structured datasets over time. Detection therefore relies on identifying tool usage, data flows, and the presence of generated artifacts, rather than isolated capture events.