AI Agent Threat Matrix
Matrix/Lateral Movement/T-5001
T-5001validatedactive

SSRF via Tool

Use agent tools to make server-side requests to internal services not directly accessible

Tactic

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

Attack Class

SKILL-EXFIL

Using legitimate tool capabilities for unauthorized data transfer

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

L3-02

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Adjacent to capability-abuse tier; trap fixture not yet wired.

Detection (HackMyAgent)

Live4 live · 0 queued
NET-001NET-002NET-003MCP-001
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live9 live · 0 queued
OASB 10.1OASB 10.2OASB 10.3OASB 10.4OASB 10.5OASB 7.1OASB 7.2OASB 7.3OASB 7.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-5001 (SSRF via Tool). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5001
← Back to Matrix