AI Agent Threat Matrix
Matrix/Privilege Escalation/T-4007
T-4007validatedactive

Tool Impersonation and Squatting

Impersonate, shadow, or squat on legitimate MCP tools to intercept agent actions or escalate capabilities

Tactic

Privilege Escalation (Stage 4)

Escalate capabilities beyond declared scope or bypass authorization

Attack Class

FAKETOOL-INJECT

MCP tool impersonation, squatting, and schema poisoning attacks

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

fake-tool-squatting scenario validates tool impersonation attacks

Detection (HackMyAgent)

Queued0 live · 10 queued
FAKETOOL-001FAKETOOL-002FAKETOOL-003FAKETOOL-004FAKETOOL-005FAKETOOL-006FAKETOOL-007FAKETOOL-008FAKETOOL-009FAKETOOL-010
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live3 live · 0 queued
OASB 2.2OASB 2.3OASB 6.2
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-4007 (Tool Impersonation and Squatting). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-4007
← Back to Matrix