AI Agent Threat Matrix
Matrix/Reconnaissance/T-1002
T-1002observedactive1 evidence record

Tool Discovery

Enumerate available tools and their schemas via MCP tools/list or equivalent discovery endpoints

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

ToolBot tools/list

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Fake MCP tools/list endpoint not yet wired.

Evidence Source Breakdown

Shodan
1 record

Evidence Timeline

Shodan

Shodan May 12, 2026 sweep: 1,322 exposed mcp services indexed

May 12, 2026

Detection (HackMyAgent)

Live1 live · 0 queued
MCP-011
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live1 live · 0 queued
OASB 10.5
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1002 (Tool Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1002
← Back to Matrix