AI Agent Threat Matrix
Matrix/Collection/T-7004
T-7004validatedactive

Memory Dump

Dump the agent's memory store to extract stored data, credentials, and conversation history

Tactic

Collection (Stage 7)

Gather and stage data from databases, file systems, and APIs

Attack Class

MEM-POISON

Injecting malicious entries into agent persistent memory to maintain control across sessions

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

MemoryBot memory dump

Honeypot Coverage (AgentPwn)

Livememory-weaponizationagentpwn.com/attacks/memory-weaponization

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live5 live · 0 queued
MEM-001MEM-002MEM-003MEM-004MEM-005
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 4.1OASB 4.2OASB 4.3OASB 4.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-7004 (Memory Dump). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-7004
← Back to Matrix