AI Agent Threat Matrix
Matrix/Initial Access/T-2001
T-2001observed

Direct Prompt Injection

Inject malicious instructions directly into agent input to override system prompt behavior

Tactic

Initial Access (Stage 2)

Gain control over agent behavior through prompt manipulation or input exploitation

Attack Class

SOUL-INJECT

Directly manipulating or overriding the agent's system-level instructions and behavioral boundaries

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

L1-03

Detection (HackMyAgent)

PROMPT-001PROMPT-002PROMPT-003PROMPT-004
npx hackmyagent secure --ci

Defense (OASB Controls)

OASB 3.1OASB 3.2OASB 3.3OASB 3.4OASB 3.5

How to Cite

AI Agent Threat Matrix T-2001 (Direct Prompt Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-2001
← Back to Matrix