AI Agent Threat Matrix
Matrix/Reconnaissance/T-1002
T-1002validatedactive

Tool Discovery

Enumerate available tools and their schemas via MCP tools/list or equivalent discovery endpoints

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

ToolBot tools/list

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Fake MCP tools/list endpoint not yet wired.

Detection (HackMyAgent)

Live1 live · 0 queued
MCP-011
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live1 live · 0 queued
OASB 10.5
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1002 (Tool Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1002
← Back to Matrix