AI Agent Threat Matrix
Matrix/Reconnaissance/T-1005
T-1005observedactive1 evidence record

Capability Mapping

Map the full set of agent capabilities including tools, permissions, and connected services

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

ToolBot tool catalog

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Requires fake MCP capability advertisement page.

Evidence Source Breakdown

Shodan
1 record

Evidence Timeline

Shodan

Shodan May 12, 2026 sweep: 25,803 exposed llm services indexed

May 12, 2026

Detection (HackMyAgent)

Live2 live · 0 queued
MCP-011MCP-001
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live1 live · 0 queued
OASB 10.5
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1005 (Capability Mapping). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1005
← Back to Matrix