Agent Threat Matrixv1.0
Matrix/Impact/T-9003
T-9003ObservedActive8 evidence records

Malicious Code Deployment

Deploy malicious code or backdoors through agent code execution capabilities

Tactic

Impact · Stage 9

Modify data, deploy malicious code, or disrupt services

Attack class

HEARTBEAT-RCE

Exploiting scheduled task or heartbeat mechanisms to achieve persistent code execution

Evidence grade
Observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA validation

backdoor deployment

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

Honeypot

AgentPwn coverage

Out of scope
agentpwn.com/learn ↗

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

No code-execution path on the honeypot; instruct-only, not observable.

Provenance

Evidence by source

HackMyAgent
8 records
Trail

Evidence timeline

HackMyAgent

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

May 21, 2026
HackMyAgent

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HackMyAgent

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HackMyAgent

HMA check SUPPLY-001 failed on opena2a/code-review-skill

Apr 27, 2026
HackMyAgent

HMA check SUPPLY-001 failed on opena2a/code-review-skill

Apr 27, 2026
HackMyAgent

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 22, 2026
HackMyAgent

HMA check SUPPLY-001 failed on damn-vulnerable-ai-agent

Apr 22, 2026
HackMyAgent

HMA check SUPPLY-001 failed on hackmyagent-release-test-vplv

Apr 13, 2026
Detect

Detection · HackMyAgent

Live2 live · 0 queued
SUPPLY-001HEARTBEAT-001
npx hackmyagent secure --ciLive = implemented in hackmyagent; queued = declared
Defend

Defense · OASB controls

Live5 live · 4 queued
OASB 6.1OASB 6.2OASB 6.3OASB 6.4OASB 6.5OASB 11.1OASB 11.2OASB 11.3OASB 11.4
Live = documented at oasb.ai; queued = declared
Reference

How to cite

AI Agent Threat Matrix T-9003 (Malicious Code Deployment). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-9003
← Back to the matrix