A2A Agent Pivoting

Pivot from a compromised agent to other agents via A2A protocol connections

Tactic

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

Attack Class

AGENT-IMPERSONATE

Impersonating trusted agents or administrative roles to gain unauthorized access

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

L4-02

Honeypot Coverage (AgentPwn)

Livea2a-attackagentpwn.com/attacks/a2a-attack

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Evidence Source Breakdown

HMA

3 records

Evidence Timeline

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check A2A-001 failed on fake-vulnerable-agent

Apr 22, 2026

Detection (HackMyAgent)

Queued0 live · 2 queued

A2A-001A2A-002

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live9 live · 0 queued

OASB 10.1 OASB 10.2 OASB 10.3 OASB 10.4 OASB 10.5 OASB 7.1 OASB 7.2 OASB 7.3 OASB 7.4

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-5002 (A2A Agent Pivoting). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5002

← Back to Matrix