Context Window Exploitation

Overflow or saturate the context window to displace safety instructions with attacker-controlled content

Tactic

Initial Access (Stage 2)

Gain control over agent behavior through prompt manipulation or input exploitation

Attack Class

SOUL-DRIFT

Gradually displacing safety instructions from the active context through conversation manipulation

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

L2-06

Honeypot Coverage (AgentPwn)

Livecontext-windowagentpwn.com/attacks/context-window

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live2 live · 0 queued

PROMPT-001PROMPT-002

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued

OASB 3.1 OASB 3.2 OASB 3.3 OASB 3.4 OASB 3.5

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-2004 (Context Window Exploitation). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-2004

← Back to Matrix