T-1001 · Observed · Active · 2 evidence records

Endpoint Enumeration

Discover exposed API endpoints, health checks, and information disclosure routes on target agents

Tactic

Reconnaissance · Stage 1

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence grade
Observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA validation

All agents expose /health and /info

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

Enumerating the agent's own exposed endpoints is an external scan, not a content trap. HackMyAgent WEBEXPOSE-* covers it.

Provenance

Evidence by source

Shodan
2 records

Trail

Evidence timeline

Shodan

Shodan May 12, 2026 sweep: 231,482 exposed openclaw services indexed

May 12, 2026

Shodan

Shodan sweep discovered 140,000 exposed AI services with accessible endpoints across the public internet

Mar 20, 2026

Detect

Detection · HackMyAgent

Live: 3 live · 0 queued

WEBEXPOSE-001, WEBEXPOSE-002, MCP-011

npx hackmyagent secure --ci

Live = implemented in hackmyagent; queued = declared

Defend

Defense · OASB controls

Live: 5 live · 0 queued

Live = documented at oasb.ai; queued = declared

Reference

How to cite

AI Agent Threat Matrix T-1001 (Endpoint Enumeration). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1001