AI Agent Threat Matrix
Matrix/Credential Harvest/T-3001
T-3001observedactive

System Prompt Credential Extraction

Extract credentials hardcoded or referenced in the agent's system prompt

Tactic

Credential Harvest (Stage 3)

Extract API keys, tokens, and credentials from agent context and connected services

Attack Class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

L1-02

Honeypot Coverage (AgentPwn)

Livedata-exfiltrationagentpwn.com/attacks/data-exfiltration

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live4 live · 0 queued
CRED-001CRED-002CRED-003CRED-004
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued
OASB 5.1OASB 5.2OASB 5.3OASB 5.4OASB 5.5
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-3001 (System Prompt Credential Extraction). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-3001
← Back to Matrix