AI Agent Threat Matrix
Matrix/Lateral Movement/T-5003
T-5003validatedactive

MCP Server Hopping

Hop between MCP servers using compromised tool access to reach new services

Tactic

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

Attack Class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

tool-chain-exfiltration

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Multi-MCP fixture network not yet built.

Detection (HackMyAgent)

Live3 live · 0 queued
MCP-001MCP-002MCP-003
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live9 live · 0 queued
OASB 10.1OASB 10.2OASB 10.3OASB 10.4OASB 10.5OASB 7.1OASB 7.2OASB 7.3OASB 7.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-5003 (MCP Server Hopping). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5003
← Back to Matrix