A2A Agent Pivoting

Pivot from a compromised agent to other agents via A2A protocol connections

Tactic

Lateral Movement · Stage 5

Pivot from compromised agent to connected services or other agents

Attack class

AGENT-IMPERSONATE

Impersonating trusted agents or administrative roles to gain unauthorized access

Evidence grade

Validated

Reproduced in a controlled lab environment (DVAA) with documented steps.

DVAA validation

L4-02

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Live

a2a-attackagentpwn.com/learn ↗

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Worm-propagation and impersonation tiers pivot across A2A connections.

Provenance

Evidence by source

HackMyAgent

4 records

Trail

Evidence timeline

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

May 21, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HackMyAgent

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 22, 2026

Detect

Detection · HackMyAgent

Queued0 live · 2 queued

A2A-001A2A-002

npx hackmyagent secure --ciLive = implemented in hackmyagent; queued = declared

Defend

Defense · OASB controls

Live9 live · 0 queued

OASB 10.1 OASB 10.2 OASB 10.3 OASB 10.4 OASB 10.5 OASB 7.1 OASB 7.2 OASB 7.3 OASB 7.4

Live = documented at oasb.ai; queued = declared

Reference

How to cite

AI Agent Threat Matrix T-5002 (A2A Agent Pivoting). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5002

← Back to the matrix