T-1006observed
Agent Card Discovery
Discover A2A agent cards to map agent identities, capabilities, and trust relationships
Tactic
Reconnaissance (Stage 1)
Map the target agent's attack surface, capabilities, and behavioral boundaries
Attack Class
AGENT-IMPERSONATE
Impersonating trusted agents or administrative roles to gain unauthorized access
Evidence
observed
Confirmed in real-world production systems or internet-wide exposure assessments.
DVAA Validation
Orchestrator /a2a/agent-card
Detection (HackMyAgent)
A2A-001A2A-002
npx hackmyagent secure --ciDefense (OASB Controls)
OASB 7.1OASB 7.2OASB 7.3OASB 7.4
How to Cite
AI Agent Threat Matrix T-1006 (Agent Card Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-1006