AI Agent Tool Data Poisoning

Type: technique

Description: Adversaries may place malicious content on a victim’s system where it can be retrieved by an AI Agent Tool. This may be accomplished by placing documents in a location that will be ingested by a service the AI agent has associated tools for.

The content may be targeted such that it would often be retrieved by common queries. The adversary's content may include false or misleading information. It may also include prompt injections with malicious instructions.

Version: 0.1.0

Created At: 2025-12-22 07:58:23 -0500

Last Modified At: 2025-12-22 07:58:23 -0500

External References

--> Initial Access (tactic): An adversary can indirectly inject malicious content into a thread by contaminating data accessible to the AI system via an invocable retrival tool.

AI Agents Attack Matrix

AI Agent Tool Data Poisoning

External References

Related Objects

Related Frameworks