Employing AI for IT operations automation is fraught with potential risks at this time, warn researchers from RSAC Labs and George Mason University. AIOps tools, intended to enhance IT operations through AI, might fall prey to manipulations via tampered telemetry data. The research team, including Dario Pasquini and others, argues in their paper “When AIOps Become ‘AI Oops’: Subverting LLM-driven IT Operations via Telemetry Manipulation” that AIOps systems could be vulnerable to such attacks.

AIOps, which relies on LLM-based agents, uses system logs and performance analyses to identify and address operational issues. Companies like Cisco integrate these AI-driven solutions in interfaces that allow IT admins to inquire about system functionalities and automatically enact corrective measures. Nevertheless, these tools might be misled by falsified data into executing detrimental actions, such as downgrading software to a vulnerable state.

The authors demonstrated that by altering system telemetry, adversaries could deceive AIOps agents into compromising infrastructure security. The principle rests on the “garbage in, garbage out” concept, where attackers engineer false telemetry that prompts misguided AI-driven responses. The time and effort required to stage such an attack depend on system-specific intricacies and AI model implementations.

Researchers used a fuzzer to generate malicious telemetry exploiting application endpoints. Through fabricated data entries, they made AIOps tools commit unsafe fixes. Their tests showed a success rate of 89.2% against two applications, significant enough to warrant serious concern. While advanced AI models like GPT-4.1 performed better in detecting inconsistencies, they still showed notable vulnerabilities.

To mitigate this threat, the researchers propose AIOpsShield, a defensive solution aimed at filtering harmful telemetry. However, they acknowledge that this approach is limited against sophisticated attacks capable of manipulating diverse data sources. The team plans to make AIOpsShield available as an open-source tool for broader application and enhancement by the community.