
Windows AI Platform DNS Query

Splunk Security Content

Summary
This detection rule identifies DNS queries for Hugging Face domains made by the Windows AI Platform and by scripting hosts such as Python and PowerShell. Hugging Face hosts machine learning models and datasets, so a resolution of its domains from an endpoint shows that a process on that host is reaching out to an external AI platform. Depending on the environment that may be a sanctioned model download, unsanctioned use of third-party AI resources, or the staging of data for transfer to an external service; the event is therefore a visibility and data-governance signal that supports policy enforcement and review of AI model usage, not proof of compromise on its own. The rule works from Sysmon Event ID 22 (DnsQuery), which records the query name together with the requesting process image and user, and keys on both the queried domain and the requesting process. Two practical points for tuning and triage: Sysmon only emits Event ID 22 when DnsQuery rules are enabled in its configuration, and a DNS query shows only that a name was resolved, not what, if anything, was sent over the resulting connection, so a hit should be paired with process lineage and network connection telemetry (Sysmon Event ID 3, proxy or firewall logs) and hosts or service accounts that legitimately pull models should be allowlisted to keep the rule actionable.
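The matching logic described above, as an added example that is not the Splunk rule's own SPL: it runs over constructed Sysmon Event ID 22 records (field names as Sysmon emits them; the event contents are made up), keeps only queries for Hugging Face domains from watched scripting processes, and applies a user allowlist. huggingface.co is Hugging Face's hub domain; including hf.co, and the exact list of watched process images, are assumptions made here and should be adjusted to the environment.

```python
"""Added example (not the Splunk rule's own code): the detection described
above applied to constructed Sysmon Event ID 22 (DnsQuery) records."""
from dataclasses import dataclass

# Domains treated as Hugging Face. huggingface.co is the hub/API domain; hf.co
# is included as an assumption (Hugging Face's short-link domain).
HF_SUFFIXES = ("huggingface.co", "hf.co")

# Process images to watch. The rule description names Python and PowerShell;
# the concrete image names below are an assumption, extend as needed.
WATCHED_IMAGES = ("python.exe", "python3.exe", "pythonw.exe",
                  "powershell.exe", "pwsh.exe")


@dataclass(frozen=True)
class Hit:
    utc_time: str
    user: str
    image: str
    query_name: str


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot some resolvers log ('huggingface.co.')."""
    return name.strip().lower().rstrip(".")


def is_hf_domain(query_name: str, suffixes=HF_SUFFIXES) -> bool:
    """Label-boundary suffix match: 'cdn-lfs.huggingface.co' matches,
    'nothuggingface.co' does not (a naive endswith() would match it)."""
    q = normalize(query_name)
    return any(q == s or q.endswith("." + s) for s in suffixes)


def image_basename(image: str) -> str:
    """Sysmon logs the full path in Image; compare on the file name only."""
    return image.rsplit("\\", 1)[-1].lower()


def detect(events, watched=WATCHED_IMAGES, allowlisted_users=frozenset()):
    """Return one Hit per Event ID 22 record that a watched process issued for a
    Hugging Face domain, skipping users on the allowlist (lower-cased names)."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 22:
            continue
        if image_basename(ev["Image"]) not in watched:
            continue
        if not is_hf_domain(ev["QueryName"]):
            continue
        if ev.get("User", "").lower() in allowlisted_users:
            continue
        hits.append(Hit(ev["UtcTime"], ev["User"], ev["Image"], ev["QueryName"]))
    return hits


# Constructed sample events (not real telemetry), in Sysmon's field names.
SAMPLE_EVENTS = [
    {"EventID": 22, "UtcTime": "2025-08-25 14:01:02.113", "User": "CORP\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Programs\\Python\\Python312\\python.exe",
     "QueryName": "huggingface.co", "QueryStatus": "0"},
    {"EventID": 22, "UtcTime": "2025-08-25 14:01:02.540", "User": "CORP\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Programs\\Python\\Python312\\python.exe",
     "QueryName": "cdn-lfs.huggingface.co.", "QueryStatus": "0"},   # LFS model download
    {"EventID": 22, "UtcTime": "2025-08-25 14:03:10.001", "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "QueryName": "nothuggingface.co", "QueryStatus": "0"},         # must not match
    {"EventID": 22, "UtcTime": "2025-08-25 14:04:44.210", "User": "CORP\\bob",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "QueryName": "huggingface.co", "QueryStatus": "0"},            # browser: not watched
    {"EventID": 1, "UtcTime": "2025-08-25 14:05:00.000", "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\cmd.exe"},                    # not a DNS event
    {"EventID": 22, "UtcTime": "2025-08-25 14:06:30.777", "User": "CORP\\svc-mlbuild",
     "Image": "C:\\Python312\\python.exe",
     "QueryName": "hf.co", "QueryStatus": "0"},                     # allowlisted account
]


def run_sample():
    """Run the detection over the constructed events with one allowlisted account."""
    return detect(SAMPLE_EVENTS, allowlisted_users=frozenset({"corp\\svc-mlbuild"}))


if __name__ == "__main__":
    for h in run_sample():
        print(f"{h.utc_time} {h.user} {h.image} -> {h.query_name}")
```

The suffix match is done on label boundaries rather than with a plain substring or endswith() check so that look-alike domains do not fire, and the process filter is applied to the image file name because Sysmon records the full path. The allowlist is on the User field; in practice it would more often be keyed on host or on a known build account.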
Categories
  • Windows
  • Endpoint
  • Cloud
  • Application
Data Sources
  • Windows Registry
  • Process
ATT&CK Techniques
  • T1071.004
Created: 2025-08-25