AI Agent Threat Matrix
Matrix/Impact/T-9003
T-9003observedactive7 evidence records

Malicious Code Deployment

Deploy malicious code or backdoors through agent code execution capabilities

Tactic

Impact (Stage 9)

Modify data, deploy malicious code, or disrupt services

Attack Class

HEARTBEAT-RCE

Exploiting scheduled task or heartbeat mechanisms to achieve persistent code execution

Evidence

observed

Confirmed in real-world production systems or internet-wide exposure assessments.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

backdoor deployment

Honeypot Coverage (AgentPwn)

Out of scope

Not observable via content-side honeypot interaction. HackMyAgent or DVAA cover this where applicable.

No code execution path on the honeypot.

Evidence Source Breakdown

HMA
7 records

Evidence Timeline

HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 29, 2026
HMA

HMA check SUPPLY-001 failed on opena2a/code-review-skill

Apr 27, 2026
HMA

HMA check SUPPLY-001 failed on opena2a/code-review-skill

Apr 27, 2026
HMA

HMA check HEARTBEAT-001 failed on fake-vulnerable-agent

Apr 22, 2026
HMA

HMA check SUPPLY-001 failed on damn-vulnerable-ai-agent

Apr 22, 2026
HMA

HMA check SUPPLY-001 failed on hackmyagent-release-test-vplv

Apr 13, 2026

Detection (HackMyAgent)

Live2 live · 0 queued
SUPPLY-001HEARTBEAT-001
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 4 queued
OASB 6.1OASB 6.2OASB 6.3OASB 6.4OASB 6.5OASB 11.1OASB 11.2OASB 11.3OASB 11.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-9003 (Malicious Code Deployment). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-9003
← Back to Matrix