Agent Card Discovery

Discover A2A agent cards to map agent identities, capabilities, and trust relationships

Tactic

Reconnaissance (Stage 1)

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack Class

AGENT-IMPERSONATE

Impersonating trusted agents or administrative roles to gain unauthorized access

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Orchestrator /a2a/agent-card

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Pwnagent fake-agent network is queued; see /pwnagent.

Evidence Source Breakdown

Shodan

2 records

HMA

3 records

Evidence Timeline

Shodan

Shodan May 12, 2026 sweep: 22 exposed a2a services indexed

May 12, 2026

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 22, 2026

Shodan

47 CLAUDE.md agent card files detected by Shodan with 7 confirmed accessible for content extraction

Mar 20, 2026View source

Detection (HackMyAgent)

Queued0 live · 2 queued

A2A-001A2A-002

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued

OASB 7.1 OASB 7.2 OASB 7.3 OASB 7.4

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-1006 (Agent Card Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1006

← Back to Matrix