Probe and check coverage aligned to AML
T0024 (Exfiltration via LLM Inference).
MITRE ATLAS / AML.T0024
AML.T0024: Exfiltration via LLM Inference
Use crafted inference calls to leak training data, system prompts, or RAG context.
Last reviewed June 2026
Problem
The gap AML.T0024 closes
Exfiltration via LLM Inference sits in the exfiltration surface, and MITRE ATLAS rates it high. Use crafted inference calls to leak training data, system prompts, or RAG context. For teams shipping LLM and agentic features, a control like this is only as good as the evidence that it was actually tested - an unverified control is a finding waiting for an auditor.
How Penaxtra approaches it
How Penaxtra delivers AML.T0024
Penaxtra maps its probe families to this ATLAS technique, so adversarial activity matching exfiltration via llm inference surfaces as a finding carrying the AML.T0024 technique identifier - ready for ATT&CK-style threat tracking and reporting. Every relevant finding is created with the MITRE ATLAS AML.T0024 identifier already attached, so it lands in the audit-evidence pack mapped to the control rather than as a screenshot someone has to translate later. Where the same weakness touches another framework, the cross-framework overlap means one finding satisfies several control cells at once.
Technical capabilities
AML.T0024 capabilities
Findings tagged with the MITRE ATLAS AML
T0024 control identifier.
Severity context (MITRE ATLAS rates this high)
Cross-framework overlap so one finding maps to several control cells
PDF and JSON audit-evidence export with the control id attached
Compliance mapping
AML.T0024 compliance mapping
Findings for AML.T0024 carry the MITRE ATLAS AML.T0024 identifier and cross-map to the related controls in the other five frameworks Penaxtra covers.
FAQ
Frequently asked
What is AML.T0024 (Exfiltration via LLM Inference)?
Use crafted inference calls to leak training data, system prompts, or RAG context. It is part of MITRE ATLAS, rated high.
How does Penaxtra test for AML.T0024?
Penaxtra maps its probe families to this ATLAS technique, so adversarial activity matching exfiltration via llm inference surfaces as a finding carrying the AML.T0024 technique identifier - ready for ATT&CK-style threat tracking and reporting.
Does a finding for AML.T0024 help with an audit?
Yes. Each finding is tagged with the MITRE ATLAS AML.T0024 control identifier and exported in the PDF and JSON evidence pack, so it maps straight onto the auditor control list instead of needing manual translation.
Request a demo
Scoped walkthrough of the MITRE ATLAS / AML.T0024 surface against your environment. No credit card.