T-7003validated
API Data Harvesting
Harvest data from connected APIs using the agent's authorized tool access
Tactic
Collection (Stage 7)
Gather and stage data from databases, file systems, and APIs
Attack Class
SKILL-EXFIL
Using legitimate tool capabilities for unauthorized data transfer
Evidence
validated
Reproduced in controlled lab environment (DVAA) with documented steps.
DVAA Validation
API credential harvesting
Detection (HackMyAgent)
IO-001IO-002IO-003IO-004
npx hackmyagent secure --ciDefense (OASB Controls)
OASB 4.1OASB 4.2OASB 4.3OASB 4.4
How to Cite
AI Agent Threat Matrix T-7003 (API Data Harvesting). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-7003