T-2002 (observed)

Indirect Prompt Injection

Embed malicious instructions in external data sources consumed by the agent via RAG or tool responses

Tactic

Initial Access (Stage 2)

Gain control over agent behavior through prompt manipulation or input exploitation

Attack Class

RAG-POISON

Injecting malicious content into retrieval-augmented generation data sources

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

RAGBot

Detection (HackMyAgent)

PROMPT-001, RAG-001, RAG-002, RAG-003, RAG-004
npx hackmyagent secure --ci

Defense (OASB Controls)

OASB 3.1, OASB 3.2, OASB 3.3, OASB 3.4, OASB 3.5

How to Cite

AI Agent Threat Matrix T-2002 (Indirect Prompt Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-2002