T-3004validated
Memory Credential Mining
Extract credentials stored in agent memory from previous sessions or conversations
Tactic
Credential Harvest (Stage 3)
Extract API keys, tokens, and credentials from agent context and connected services
Attack Class
MEM-POISON
Injecting malicious entries into agent persistent memory to maintain control across sessions
Evidence
validated
Reproduced in controlled lab environment (DVAA) with documented steps.
DVAA Validation
L2-05
Detection (HackMyAgent)
MEM-001MEM-002MEM-003MEM-004MEM-005MEM-006
npx hackmyagent secure --ciDefense (OASB Controls)
OASB 5.1OASB 5.2OASB 5.3OASB 5.4OASB 5.5
How to Cite
AI Agent Threat Matrix T-3004 (Memory Credential Mining). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-3004