AI Agent Threat Matrix
Matrix/Lateral Movement/T-5005
T-5005validated

Database Pivoting

Pivot through database connections accessible via agent tools to reach new data stores

Tactic

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

Attack Class

MCP-EXPLOIT

Attacking Model Context Protocol server configurations, tool registrations, and inter-server trust

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

DataBot SQL injection pivot

Detection (HackMyAgent)

MCP-001MCP-011
npx hackmyagent secure --ci

Defense (OASB Controls)

OASB 10.1OASB 10.2OASB 10.3OASB 10.4OASB 10.5OASB 7.1OASB 7.2OASB 7.3OASB 7.4

How to Cite

AI Agent Threat Matrix T-5005 (Database Pivoting). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5005
← Back to Matrix