THREAT OPS › Threat News › Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025
Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025
<p class="wp-block-paragraph"><em><strong>TL;DR</strong>: Microsoft SQL Server 2025 AI features provide a practical channel for data exfiltration and C2 transport within the database engine itself.</em></p>
<p class="wp-block-paragraph"><strong>Note:</strong> All proof-of-concepts contained in this blog can be found in the following repo: <a href="https://github.com/gershsec/mssql2025-poc">http
MITRE ATT&CK techniques
Indicators of compromise
- https://10.2.99.3:8081/collecturl
- https://10.2.99.3:8081/files?name=hosts.txturl
- https://10.2.99.3:8081/api/embedurl
- https://10.2.99.3:5000/v1/embeddingsurl