Agent Threat Matrixv1.0
Matrix/Reconnaissance/T-1005
T-1005ValidatedActive1 evidence record

Capability Mapping

Map the full set of agent capabilities including tools, permissions, and connected services

Tactic

Reconnaissance · Stage 1

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence grade
Validated

Reproduced in a controlled lab environment (DVAA) with documented steps.

DVAA validation

ToolBot tool catalog

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Live
mcp-exploitationagentpwn.com/learn ↗

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Tool-discovery and system-info tiers map the agent's full capability surface.

Provenance

Evidence by source

Shodan
1 record
Trail

Evidence timeline

Shodan

Shodan May 12, 2026 sweep: 25,803 exposed llm services indexed

May 12, 2026
Detect

Detection · HackMyAgent

Live2 live · 0 queued
MCP-011MCP-001
npx hackmyagent secure --ciLive = implemented in hackmyagent; queued = declared
Defend

Defense · OASB controls

Live1 live · 0 queued
OASB 10.5
Live = documented at oasb.ai; queued = declared
Reference

How to cite

AI Agent Threat Matrix T-1005 (Capability Mapping). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1005
← Back to the matrix