AI Agent Threat Matrix

AI Agent Threat Matrixv1.0

Attack Paths

Complete kill chain traversals demonstrated in DVAA (Damn Vulnerable AI Agent). Each path shows how techniques chain together across multiple tactics to achieve a specific attacker objective.

Path A

API Agent Full Compromise

LegacyBot to ToolBot: recon, inject, harvest creds, pivot, enumerate files, exfiltrate

Endpoint Enumeration

→

Direct Prompt Injection

→

Credential Harvest

System Prompt Credential Extraction

→

Lateral Movement

Credential Reuse

→

File System Enumeration

→

Path B

Memory Persistence Chain

MemoryBot: recon, inject, persist in memory, dump memory, exfiltrate via conversation

Endpoint Enumeration

→

Direct Prompt Injection

→

Memory Injection

→

→

Conversation Exfiltration

Path C

Multi-Agent A2A Chain

Orchestrator to Worker to ToolBot: discover agent card, inject, impersonate admin, pivot via A2A, modify data

Agent Card Discovery

→

Direct Prompt Injection

→

Privilege Escalation

Admin Impersonation

→

Lateral Movement

A2A Agent Pivoting

→

Data Manipulation

Path D

Supply Chain to Full Compromise

PluginBot to ProxyBot: discover tools, inject via tool description, backdoor skill, hop MCP servers, compromise downstream

→

Tool Description Injection

→

Skill/Plugin Backdoor

→

Lateral Movement

MCP Server Hopping

→

Supply Chain Compromise

← Back to Matrix