Agent Threat Matrixv1.0
Matrix/Credential Harvest/T-3005
T-3005ObservedActive

Configuration File Access

Read configuration files containing credentials via tool access or path traversal

Tactic

Credential Harvest · Stage 3

Extract API keys, tokens, and credentials from agent context and connected services

Attack class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence grade
Observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA validation

ToolBot read config

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Queued
agentpwn.com/learn ↗

In scope for honeypot observation; trap page or telemetry hook not yet built.

A trap-page filesystem fixture (read a config file for creds) is not yet wired.

Detect

Detection · HackMyAgent

Live5 live · 0 queued
CRED-001ENV-001ENV-002ENV-003ENV-004
npx hackmyagent secure --ciLive = implemented in hackmyagent; queued = declared
Defend

Defense · OASB controls

Live5 live · 0 queued
OASB 5.1OASB 5.2OASB 5.3OASB 5.4OASB 5.5
Live = documented at oasb.ai; queued = declared
Reference

How to cite

AI Agent Threat Matrix T-3005 (Configuration File Access). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-3005
← Back to the matrix