AI Agent Threat Matrix
Matrix/Persistence/T-6005
T-6005observedactive3 evidence records

Scheduled Task Injection

Inject malicious scheduled tasks or heartbeat handlers for persistent execution

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

HEARTBEAT-RCE

Exploiting scheduled task or heartbeat mechanisms to achieve persistent code execution

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

heartbeat injection

Honeypot Coverage (AgentPwn)

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

Requires cron/scheduler context not exposed to honeypot.

Evidence Source Breakdown

HMA
3 records

Evidence Timeline

HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 22, 2026

Detection (HackMyAgent)

Live7 live · 0 queued
HEARTBEAT-001HEARTBEAT-002HEARTBEAT-003HEARTBEAT-004HEARTBEAT-005HEARTBEAT-006HEARTBEAT-007
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 8.1OASB 8.2OASB 8.3OASB 8.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6005 (Scheduled Task Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6005
← Back to Matrix