AI Agent Threat Matrix
Matrix/Collection/T-7006
T-7006validated

PII Discovery

Discover and extract personally identifiable information from RAG stores and agent data sources

Tactic

Collection (Stage 7)

Gather and stage data from databases, file systems, and APIs

Attack Class

RAG-POISON

Injecting malicious content into retrieval-augmented generation data sources

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

LegacyBot PII leak

Detection (HackMyAgent)

RAG-001RAG-002RAG-003RAG-004
npx hackmyagent secure --ci

Defense (OASB Controls)

OASB 4.1OASB 4.2OASB 4.3OASB 4.4

How to Cite

AI Agent Threat Matrix T-7006 (PII Discovery). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-7006
← Back to Matrix