AI Agent Threat Matrix
Matrix/Persistence/T-6007
T-6007validatedactive

Persistent Agent State Manipulation

Attacks that persist across agent sessions via memory poisoning, state tampering, and cached context injection

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

PERSIST-STATE

Cross-session persistence via memory poisoning, state tampering, and cached context injection

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

persistent-agent-memory-poison scenario validates cross-session persistence attacks

Detection (HackMyAgent)

Queued0 live · 10 queued
PERSIST-001PERSIST-002PERSIST-003PERSIST-004PERSIST-005PERSIST-006PERSIST-007PERSIST-008PERSIST-009PERSIST-010
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live3 live · 0 queued
OASB 8.1OASB 8.2OASB 4.3
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6007 (Persistent Agent State Manipulation). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6007
← Back to Matrix