AI Agent Threat Matrix
Matrix/Privilege Escalation/T-4001
T-4001validatedactive

Capability Override

Override declared capability restrictions to execute unauthorized operations like shell commands

Tactic

Privilege Escalation (Stage 4)

Escalate capabilities beyond declared scope or bypass authorization

Attack Class

SOUL-DELEGATE

Exploiting delegation and capability transfer mechanisms to exceed authorized scope

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

CodeBot shell execution

Honeypot Coverage (AgentPwn)

Livecapability-abuseagentpwn.com/attacks/capability-abuse

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live3 live · 0 queued
PERM-001PERM-002PERM-003
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued
OASB 2.1OASB 2.2OASB 2.3OASB 2.4OASB 2.5
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-4001 (Capability Override). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-4001
← Back to Matrix