Context Window Credential Leak

Exploit context window contents to leak credentials that were previously processed by the agent

Tactic

Credential Harvest (Stage 3)

Extract API keys, tokens, and credentials from agent context and connected services

Attack Class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

LegacyBot credential leak

Honeypot Coverage (AgentPwn)

Livecontext-windowagentpwn.com/attacks/context-window

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live2 live · 0 queued

CRED-001AGENT-CRED-001

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued

OASB 5.1 OASB 5.2 OASB 5.3 OASB 5.4 OASB 5.5

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-3006 (Context Window Credential Leak). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-3006

← Back to Matrix