Exfiltration via AI Agent Tool Invocation

Type: technique

Description: Adversaries may use prompts to invoke an agent's tool capable of performing write operations to exfiltrate data. Sensitive information can be encoded into the tool's input parameters and transmitted as part of a seemingly legitimate action. Variants include sending emails, creating or modifying documents, updating CRM records, or even generating media such as images or videos.

Version: 0.1.0

Created At: 2025-10-01 13:13:22 -0400

Last Modified At: 2025-10-01 13:13:22 -0400


External References

  • --> Exfiltration (tactic): An adversary can exfiltrate data by encoding it into the input of an invocable tool capable performing a write operation.