About LOLAI

🎯 Mission

LOLAI (Living Off The Land AI) aims to document and catalog AI agents and assistants that can be weaponized, abused, or exploited in both enterprise and personal computing environments. As AI agents become more prevalent and powerful, understanding their security implications is crucial for defenders and security professionals.

🤖 What We Track

We focus on documenting AI agents with the following characteristics:

  • System Access: Agents with file system, terminal, or API access
  • Code Execution: Ability to execute arbitrary code or commands
  • Autonomous Behavior: Agents that can operate without constant human oversight
  • Network Capabilities: Tools with network communication abilities
  • Plugin/Extension Systems: Platforms that support third-party extensions

📚 Inspiration

LOLAI is inspired by successful "Living Off The Land" projects:

  • GTFOBins - Unix binaries that can be used to bypass local security restrictions
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries for Windows
  • LOLDrivers - Windows drivers used by attackers to bypass security software
  • LOLRMM - Remote monitoring and management tools used in attacks

🎓 Use Cases

LOLAI serves multiple audiences:

For Blue Teams & Defenders

  • Understand attack vectors and TTPs involving AI agents
  • Implement detection rules and monitoring strategies
  • Develop incident response playbooks
  • Identify artifacts and IOCs for forensic analysis

For Red Teams & Penetration Testers

  • Discover legitimate tools for authorized testing
  • Understand capabilities and limitations
  • Plan attack scenarios and simulations
  • Evaluate organizational security posture

For Security Researchers

  • Research emerging threats in AI security
  • Contribute findings to the community
  • Map techniques to MITRE ATT&CK framework
  • Develop new detection methodologies

For Organizations

  • Assess risks of AI agent deployment
  • Create security policies and guidelines
  • Implement access controls and monitoring
  • Train security teams on AI-specific threats

🔬 Methodology

Each agent entry includes:

  • Technical Details: Capabilities, platforms, privilege requirements
  • Attack Vectors: Documented abuse scenarios with examples
  • MITRE ATT&CK Mapping: Alignment with industry-standard tactics and techniques
  • Artifacts: Logs, configurations, and forensic indicators
  • Detection Methods: Network, host, and behavioral detection strategies
  • Prevention: Mitigation techniques and security controls
  • References: Links to documentation, research, and CVEs

🤝 Contributing

LOLAI is an open-source, community-driven project. We welcome contributions from security researchers, developers, and anyone interested in AI security.

Ways to contribute:

  • Submit new AI agents via Pull Request
  • Update existing entries with new techniques
  • Improve detection methods and IOCs
  • Add MITRE ATT&CK mappings
  • Report issues or suggest improvements
  • Share the project with your network

Contribute on GitHub →

⚠️ Responsible Disclosure

We are committed to responsible disclosure practices. This project is intended for defensive and educational purposes only.

  • We do not publish active 0-day vulnerabilities
  • All information is derived from public sources or authorized research
  • We coordinate with vendors for responsible disclosure when appropriate
  • Techniques should only be used in authorized testing environments

📊 Statistics

10 AI Agents Documented
3 Categories
18 MITRE Techniques

📞 Contact

Have questions, suggestions, or want to report an issue?

📜 License

LOLAI is released under the MIT License. You are free to use, modify, and distribute this project with attribution.