AI Agent Threat Matrix
Matrix/Persistence/T-6005
T-6005observedactive

Scheduled Task Injection

Inject malicious scheduled tasks or heartbeat handlers for persistent execution

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

HEARTBEAT-RCE

Exploiting scheduled task or heartbeat mechanisms to achieve persistent code execution

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

heartbeat injection

Honeypot Coverage (AgentPwn)

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

Requires cron/scheduler context not exposed to honeypot.

Detection (HackMyAgent)

Live7 live · 0 queued
HEARTBEAT-001HEARTBEAT-002HEARTBEAT-003HEARTBEAT-004HEARTBEAT-005HEARTBEAT-006HEARTBEAT-007
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 8.1OASB 8.2OASB 8.3OASB 8.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6005 (Scheduled Task Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6005
← Back to Matrix