Context Window Credential Leak
Exploit context window contents to leak credentials that were previously processed by the agent
Tactic
Credential Harvest (Stage 3)
Extract API keys, tokens, and credentials from agent context and connected services
Attack Class
RETROACTIVE-PRIV
Exploiting previously granted access or cached credentials to gain unauthorized capabilities
Evidence
Reproduced in controlled lab environment (DVAA) with documented steps.
DVAA Validation
Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.
LegacyBot credential leak
Honeypot Coverage (AgentPwn)
An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.
Evidence Source Breakdown
Evidence Timeline
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on soc-demo
HMA check CRED-001 failed on opena2a-cli
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on cred-test
HMA check CRED-001 failed on cred-test
HMA check AGENT-CRED-001 failed on triggerdotdev/trigger.dev
HMA check AGENT-CRED-001 failed on @khanglvm/jira-mcp
HMA check AGENT-CRED-001 failed on nwiizo/tfmcp
HMA check AGENT-CRED-001 failed on saidsurucu/borsa-mcp
Detection (HackMyAgent)
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implementedDefense (OASB Controls)
How to Cite
AI Agent Threat Matrix T-3006 (Context Window Credential Leak). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-3006