Matrix/Reconnaissance/T-1006

T-1006ObservedActive6 evidence records

Agent Card Discovery

Discover A2A agent cards to map agent identities, capabilities, and trust relationships

Tactic

Reconnaissance · Stage 1

Map the target agent's attack surface, capabilities, and behavioral boundaries

Attack class

AGENT-IMPERSONATE

Impersonating trusted agents or administrative roles to gain unauthorized access

Evidence grade

Observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA validation

Orchestrator /a2a/agent-card

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Queued

agentpwn.com/learn ↗

In scope for honeypot observation; trap page or telemetry hook not yet built.

A2A agent-card discovery needs the fake-agent network at /pwnagent, which is queued.

Provenance

Evidence by source

HackMyAgent

4 records

Shodan

2 records

Trail

Evidence timeline

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

May 21, 2026

Shodan

Shodan May 12, 2026 sweep: 22 exposed a2a services indexed

May 12, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 22, 2026

Shodan

47 CLAUDE.md agent card files detected by Shodan with 7 confirmed accessible for content extraction

Mar 20, 2026View source

Detect

Detection · HackMyAgent

Queued0 live · 2 queued

A2A-001A2A-002

npx hackmyagent secure --ciLive = implemented in hackmyagent; queued = declared

Defend

Defense · OASB controls

Live4 live · 0 queued

OASB 7.1 OASB 7.2 OASB 7.3 OASB 7.4

Live = documented at oasb.ai; queued = declared

Reference

How to cite

AI Agent Threat Matrix T-1006 (Agent Card Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1006

← Back to the matrix