diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md
index 7ed8248095..a26e968ff8 100644
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -56,6 +56,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
- Update AWS EC2 service metadata to new format [(#9549)](https://github.com/prowler-cloud/prowler/pull/9549)
- Update Azure AI Search service metadata to new format [(#9087)](https://github.com/prowler-cloud/prowler/pull/9087)
- Update Azure AKS service metadata to new format [(#9611)](https://github.com/prowler-cloud/prowler/pull/9611)
+- Update Azure API Management service metadata to new format [(#9612)](https://github.com/prowler-cloud/prowler/pull/9612)
### Security
- `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490)
diff --git a/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.metadata.json b/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.metadata.json
index 128dcf5dda..4f2660d479 100644
--- a/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.metadata.json
+++ b/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.metadata.json
@@ -1,33 +1,36 @@
{
"Provider": "azure",
"CheckID": "apim_threat_detection_llm_jacking",
- "CheckTitle": "Ensure Azure API Management is protected against LLM Jacking attacks",
+ "CheckTitle": "No potential LLM Jacking attacks detected across all Azure API Management instances",
"CheckType": [],
"ServiceName": "apim",
"SubServiceName": "",
"ResourceIdTemplate": "",
- "Severity": "high",
- "ResourceType": "Azure API Management Instance",
+ "Severity": "critical",
+ "ResourceType": "microsoft.apimanagement/service",
"ResourceGroup": "api_gateway",
- "Description": "This check analyzes Azure API Management diagnostic logs in Log Analytics to detect potential LLM Jacking attacks by monitoring the frequency of LLM-related operations (ImageGenerations_Create, ChatCompletions_Create, Completions_Create) from individual IP addresses within a configurable time window.",
- "Risk": "LLM Jacking attacks can lead to unauthorized access to AI models, potential data exfiltration, increased costs, and abuse of AI services. Attackers may use these endpoints to generate content, bypass rate limits, or access premium AI capabilities without proper authorization.",
- "RelatedUrl": "https://learn.microsoft.com/en-us/azure/api-management/monitor-api-management",
+ "Description": "**API Management** diagnostic logs in Log Analytics are analyzed for **LLM-related operations**. Requests are grouped by caller IP, the number of distinct monitored actions (e.g., `ChatCompletions_Create`, `ImageGenerations_Create`) within a configurable `minutes` window is measured, and that ratio is compared to a `threshold` to surface anomalous multi-action patterns.",
+ "Risk": "Concentrated LLM activity from one IP indicates **automation or leaked credentials**.\n- **Availability/cost**: rapid token burn and quota exhaustion\n- **Confidentiality**: exposure of prompts/completions and model details\n- **Integrity**: abuse of deployment/model actions enabling unauthorized changes or mass content generation",
+ "RelatedUrl": "",
+ "AdditionalURLs": [
+ "https://learn.microsoft.com/en-us/azure/api-management/monitor-api-management"
+ ],
"Remediation": {
"Code": {
"CLI": "",
- "NativeIaC": "",
- "Other": "",
- "Terraform": ""
+ "NativeIaC": "```bicep\n// Blocks a specific IP at the global (service) policy level for APIM\nparam apimName string\nparam blockedIp string\n\nresource apim 'Microsoft.ApiManagement/service@2023-05-01-preview' existing = {\n name: apimName\n}\n\nresource apimPolicy 'Microsoft.ApiManagement/service/policies@2023-05-01-preview' = {\n parent: apim\n name: 'policy'\n properties: {\n value: '\n \n \n \n ' // Critical: Policy XML that blocks the offending IP\n format: 'xml' // Critical: Apply policy as XML\n }\n}\n```",
+ "Other": "1. In the Azure portal, open your API Management instance\n2. Go to APIs > All APIs\n3. Click Policies (Inbound processing)\n4. Add a when block to block the offending IP:\n - Condition: @(context.Request.IpAddress == \"\")\n - Action: return-response with status 403 Forbidden\n5. Save the policy\n6. Re-run the scan after the detection window elapses to confirm PASS",
+ "Terraform": "```hcl\n# Global APIM policy that blocks a specific IP\nresource \"azurerm_api_management_policy\" \"\" {\n api_management_id = \"\"\n\n # Critical: Policy XML that blocks the offending IP by returning 403\n xml_content = <\n \n \n \n \n \\\")\">\n \n \n \n \n \n \n \n \n \n\nXML\n}\n```"
},
"Recommendation": {
- "Text": "To protect against LLM Jacking attacks: 1. Enable diagnostic logging for APIM instances and send logs to Log Analytics workspace 2. Configure appropriate thresholds for LLM operation frequency monitoring 3. Set up alerts for suspicious activity patterns 4. Implement rate limiting and IP allowlisting for sensitive AI endpoints 5. Regularly review and analyze APIM access logs for anomalies",
- "Url": "https://learn.microsoft.com/en-us/azure/api-management/monitor-api-management"
+ "Text": "Adopt **defense in depth** for LLM APIs:\n- Enforce **least privilege**; isolate management from inference\n- Prefer **managed identities** over keys; rotate secrets\n- Apply **quotas**, rate limiting, and IP allowlisting; use private access\n- Alert on anomalous action diversity; review logs\n\n*Tune `threshold` and `minutes` for your environment.*",
+ "Url": "https://hub.prowler.com/check/apim_threat_detection_llm_jacking"
}
},
"Categories": [
- "threat-detection",
- "monitoring",
- "logging"
+ "gen-ai",
+ "logging",
+ "threat-detection"
],
"DependsOn": [],
"RelatedTo": [],