Credential Reuse

Reuse harvested credentials to access additional services and agents

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

credential reuse

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

Requires cross-system credential context that AgentPwn does not simulate.

Live1 live · 0 queued

CRED-001

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Live9 live · 0 queued

Live = documented at oasb.ai; queued = declared, not yet documented

AI Agent Threat Matrix T-5004 (Credential Reuse). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5004