AI Agent Threat Matrix
Matrix/Initial Access/T-2009
T-2009validatedactive

Parser Differential Exploitation

Exploit differences in how parsers (JSON, YAML, markdown) interpret the same input to bypass security controls

Tactic

Initial Access (Stage 2)

Gain control over agent behavior through prompt manipulation or input exploitation

Attack Class

PARSER-DIFFERENTIAL

Exploits differences between parser implementations to bypass security controls

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

parser-differential-json scenario validates JSON comment and duplicate key attacks

Detection (HackMyAgent)

Queued0 live · 10 queued
PARSE-001PARSE-002PARSE-003PARSE-004PARSE-005PARSE-006PARSE-007PARSE-008PARSE-009PARSE-010
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live3 live · 0 queued
OASB 3.1OASB 3.2OASB 8.1
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-2009 (Parser Differential Exploitation). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-2009
← Back to Matrix