T-7006validatedactive1 evidence record
PII Discovery
Discover and extract personally identifiable information from RAG stores and agent data sources
Tactic
Collection (Stage 7)
Gather and stage data from databases, file systems, and APIs
Attack Class
RAG-POISON
Injecting malicious content into retrieval-augmented generation data sources
Evidence
validated
Reproduced in controlled lab environment (DVAA) with documented steps.
DVAA Validation
Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.
LegacyBot PII leak
Honeypot Coverage (AgentPwn)
Queued
In scope for honeypot observation; trap page or telemetry hook not yet built.
Adjacent to data-exfiltration tiers; specific PII trap fixtures not yet wired.
Evidence Source Breakdown
HMA
1 record
Evidence Timeline
HMA
HMA check RAG-002 failed on damn-vulnerable-ai-agent
Apr 22, 2026
Detection (HackMyAgent)
Live4 live · 0 queued
RAG-001RAG-002RAG-003RAG-004
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implementedDefense (OASB Controls)
Live4 live · 0 queued
How to Cite
AI Agent Threat Matrix T-7006 (PII Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-7006