Endpoint Enumeration

Discover exposed API endpoints, health checks, and information disclosure routes on target agents

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

All agents expose /health and /info

Honeypot Coverage (AgentPwn)

Liveagentpwn.com/api/threats

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Public API and trap routes are themselves enumerable signal.

Evidence Source Breakdown

Shodan

2 records

Evidence Timeline

Shodan

Shodan May 12, 2026 sweep: 231,482 exposed openclaw services indexed

May 12, 2026

Shodan

Shodan sweep discovered 140,000 exposed AI services with accessible endpoints across the public internet

Mar 20, 2026View source

Detection (HackMyAgent)

Live3 live · 0 queued

WEBEXPOSE-001WEBEXPOSE-002MCP-011

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued

OASB 1.1 OASB 1.2 OASB 1.3 OASB 1.4 OASB 10.5

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1001 (Endpoint Enumeration). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1001

← Back to Matrix