AI Agent Threat Matrix
Matrix/Reconnaissance/T-1004
T-1004observedactive1 evidence record

Security Level Probing

Probe the agent to determine its security posture, guardrails, and content filtering strength

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Probing agents

Honeypot Coverage (AgentPwn)

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

Active probing of agent internals, not a content-side trap.

Evidence Source Breakdown

Shodan
1 record

Evidence Timeline

Shodan

Shodan May 12, 2026 sweep: 117 exposed infra services indexed

May 12, 2026

Detection (HackMyAgent)

Live1 live · 0 queued
WEBEXPOSE-001
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 1.1OASB 1.2OASB 1.3OASB 1.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1004 (Security Level Probing). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1004
← Back to Matrix