AI Agents Attack Matrix

Reconnaissance | Resource Development | Initial Access | ML Model Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | ML Attack Staging | Command And Control | Exfiltration | Impact
Search for Victim's Publicly Available Research Materials | Commercial License Abuse | Retrieval Tool Poisoning | Physical Environment Access | User Execution | RAG Poisoning | LLM Plugin Compromise | URL Familiarizing | Unsecured Credentials | Discover ML Artifacts | Message Poisoning | Data from Information Repositories | Craft Adversarial Data | Search Index C2 | Write Tool Invocation | External Harms
Search Victim-Owned Websites | LLM Prompt Crafting | RAG Poisoning | Full ML Model Access | LLM Plugin Compromise | Thread Infection | LLM Jailbreak | LLM Trusted Output Components Manipulation | RAG Credential Harvesting | Discover LLM Hallucinations | Shared Resource Poisoning | Data from Local System | Backdoor ML Model | Public Web C2 | Granular Web Request Triggering | Cost Harvesting
Search for Victim's Publicly Available Code Repositories | Acquire Infrastructure | Compromised User | AI Model Inference API Access | LLM Prompt Injection | LLM Prompt Self-Replication | Off-Target Language | Abuse Trusted Sites | Retrieval Tool Credential Harvesting | Discover AI Model Outputs | Thread History Harvesting | Create Proxy ML Model | Abuse Trusted Sites | Evade ML Model
Search Application Repositories | Develop Capabilities | Web Poisoning | ML-Enabled Product or Service | AI Click Bait | Poison Training Data | Crescendo | Blank Image | Discover ML Model Family | RAG Data Harvesting | Verify Attack | Granular Clickable Link Rendering | Erode ML Model Integrity
Gather RAG-Indexed Targets | Poison Training Data | User Manipulation | Command and Scripting Interpreter | Backdoor ML Model | System Instruction Keywords | Evade ML Model | Failure Mode Mapping | Retrieval Tool Data Harvesting | Web Request Triggering | Spamming ML System with Chaff Data
Active Scanning | Publish Hallucinated Entities | Guest User Abuse | Off-Target Language | Memory Infection | ASCII Smuggling | Discover ML Model Ontology | User Message Harvesting | Exfiltration via ML Inference API | Mutative Tool Invocation
Retrieval Content Crafting | ML Supply Chain Compromise | System Instruction Keywords | LLM Prompt Obfuscation | Discover LLM System Information | ML Artifact Collection | Extract LLM System Prompt | Erode Dataset Integrity
Establish Accounts | Evade ML Model | Delayed Execution | Whoami | Memory Data Hording | Image Rendering | Denial of ML Service
Publish Poisoned Datasets | Valid Accounts | Instructions Silencing | Tool Definition Discovery | LLM Data Leakage
Obtain Capabilities | Exploit Public-Facing Application | False RAG Entry Injection | Embedded Knowledge Exposure | Clickable Link Rendering
Publish Poisoned Models | Phishing | Distraction | Discover System Prompt | Exfiltration via Cyber Means
Acquire Public ML Artifacts | Conditional Execution | Discover System Instruction Keywords
Obtain Generative AI Capabilities | LLM Jailbreak | Discover Special Character Sets
Indirect Data Access
Citation Manipulation
Off-Target Language
Crescendo
System Instruction Keywords
Citation Silencing