T4-AT-013HIGH
Session Hijacking
T4 · Multi-Turn & Memory Manipulation →Risk score225
RatingHigh
Procedures10
Severity
Mechanism
Models have no mechanism to authenticate users within a conversation. There is no session token, no cryptographic identity binding, and no way for the model to verify that the user claiming to be "the admin from the previous session" is the same entity. The model must infer identity from conversational cues — claimed roles, language patterns, knowledge of prior context — all of which are trivially spoofable.
Detection
- Session claim detection: Flag messages containing "resume session," "admin session," "debug session," "elevated privileges," "session ID"
- Identity claim verification: Flag unverifiable identity claims, especially those that claim administrative or system-level access
- Privilege vocabulary detection: Alert on "inherit permissions," "transfer authorization," "clone session" patterns
Mitigation
Context-level identity blindnessHIGH
Platform-level session managementHIGH
Explicit anti-hijacking statementMEDIUM
Identity claim rejection trainingMEDIUM
Chaining
Session hijacking directly chains into T4-AT-003 (Session State Manipulation) by establishing a claimed privilege level that makes state changes seem authorized. Chains into T4-AT-010 (State Confusion) when the hijacking claim redefines the session context.
Framework mapping
Open in the technique browser →OWASP LLMLLM01
MITRE ATLASAML.T0054