The AI Kill Chain

A Modern Security Framework to Identify, Prevent, and Mitigate AI-Driven and Agentic Threats 

10

Actions on Objectives

9

AI C&C

8

Persistence

7

Lateral Movement

6

Privilege Escalation

5

Tool & Environment Interaction

4

Reasoning & Time Execution

3

Instruction & Weaponization

2

Trust & Manipulation

1

AI Recon

Read the Whitepaper
New Landscape. New Risks.

AI systems - particularly LLMs, and agentic workflows - introduce a fundamentally new risk surface to modern software systems. Unlike traditional application vulnerabilities, AI failures frequently arise without exploitation, without malware, and without unauthorized access. Instead, incidents emerge from normal system behavior operating without sufficient control over goals, authority, and memory.

A New Approach

This new landscape requires a new approach - in effect, a new kill chain. One that reframes AI security from the classic approach, and even a “prompt-level” concern, into a system-level governance problem. Because AI systems introduce risks that differ materially from traditional software.

The AI Kill Chain Framework

Click on a technique under each stage to learn more

Stage 1

AI Recon

Stage 2

Trust Establishment & Manipulation

Stage 3

Instruction & Input Weaponization

Stage 4

Reasoning & Time Execution

Stage 5

Tool & Environment Exploitation

Stage 6

Privilege Escalation

Stage 7

Lateral Movement

Stage 8

Persistence

Stage 9

AI-Native Command & Control

Stage 10

Actions on Objectives

Prompt Probing & Behavioral Fingerprinting

Authority Impersonation

Direct Prompt Injection

Reasoning Hijack & Goal Substitution

Unauthorized Tool Invocation

Tool Scope Escalation

Inter-Agent Prompt Injection

Memory Poisoning

Human-in-the-Loop Command and Control

Data Exfiltration via AI

Tool Surface Discovery

Gradual Alignment Erosion

Indirect Prompt Injection (RAG / Documents)

Instruction Flooding / Cognitive Overload

Over-Privileged Tool Chaining

Context-Based Privilege Inference

Shared Memory Poisoning

RAG Knowledge Base Poisoning

Scheduled / Trigger-Based Control

Tool-Mediated Exfiltration

Safety Boundary Mapping

Role Injection / Persona Rebinding

Instruction Smuggling / Format Confusion

Recursive Task Expansion

Automation / Workflow Abuse

Agent Delegation Abuse

Workflow / Automation Hijacking

Feedback Loop Exploitation

Encoded Output Signaling

Autonomous Fraud / Abuse

Context / Token Pressure Attacks

Urgency and Pressure Shaping

Tool Argument Poisoning

Policy Shadowing

External Service Abuse via Tools

Credential Overreach via AI

Agent Impersonation

Fine-Tuning Data Poisoning

Context Rehydration

Supply-Chain Propagation

RAG / Knowledge Source Inference

Consent Manufacturing

Memory Seeding (Pre-Persistence)

False-Premise Anchoring / Hallucination Steering

Tool Result Poisoning

Accumulated Privilege via Action History

Cross-System Context Leakage

Cached Context Abuse

Feedback-Driven Control

Trust & Integrity Erosion

Memory & State Detection

Policy Shadowing

Operational Disruption

Hallucination & Confidence Testing

Relationship and Rapport Attacks

Error & Failure Mode Analysis

Cognitive Overload and Confusion

Human-in-the-Loop Reconnaissance

AI Threat Advisory Reports

The Lineaje AI Threat Advisory provides analysis of recent AI risks, abuse patterns, and exploitation techniques targeting AI systems, including large language models, MCP servers, and AI agents.
Reasoning Hijack
Single Click Microsoft Copilot Attack
Docker Dash RCE
Learn more

Secure AI Applications at Build Time

Get the confidence that Agentic AI applications consistently adhere to corporate security standards — while enabling your developers to focus on speed and innovation.
Learn more
The Lineaje Blog

Eye of the Tiger

AI Security
When Your AI Agent Runs as You
February 3, 2026
Software Supply Chain
Zero-Vulnerability Software Is Possible: Discover A Viable Path
January 8, 2026
Software Supply Chain
Golden Dome for America: A New Benchmark for Cybersecurity in Defense Supply Chains
October 2, 2025
View more articles

Secure Agentic AI Applications at Build Time.

Get the confidence that Agentic AI applications consistently adhere to corporate security standards - while enabling your developers to focus on speed and innovation.

Talk to Us
Products
Full-Lifecycle Software Supply Chain SecurityGold Open SourceSCA360SBOM360SBOM360 HubThird Party Risk ManagerLineaje AI
Use cases
Eliminate Vulnerability ExposureKnow What’s in Your SoftwareDeploy Self-Healing ContainersFix All Vulnerabilities AutomaticallyComply with Global Regulations
cOMPANY
About UsPartnersLineaje FederalContact UsSummits
rESOURCES
BlogFeatureHubLearning CenterNews & Coverage
© 2025 Lineaje Inc
Terms & Conditions
Privacy Policy