AI Agent Threat Matrix
Matrix/Exfiltration/T-8005
T-8005validatedactive

Conversation Exfiltration

Exfiltrate data by encoding it in the agent's visible conversation responses

Tactic

Exfiltration (Stage 8)

Transfer collected data out of target environment

Attack Class

RETROACTIVE-PRIV

Exploiting previously granted access or cached credentials to gain unauthorized capabilities

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

All agents

Honeypot Coverage (AgentPwn)

Livedata-exfiltrationagentpwn.com/attacks/data-exfiltration

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live4 live · 0 queued
SANDBOX-001SANDBOX-002SANDBOX-003SANDBOX-004
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live1 live · 0 queued
OASB 4.3
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-8005 (Conversation Exfiltration). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-8005
← Back to Matrix