ATR-2026-00021 · critical · Context Exfiltration · experimental

Credential and Secret Exposure in Agent Output

Detects an AI agent exposing API keys, secret tokens, private keys, database connection strings, JWTs, or other sensitive credentials in its output. Covers the major cloud-provider key formats, CI/CD tokens, payment-processor keys, SSH private keys, .env file contents, and generic secret-assignment patterns. Credential leakage in agent output is critical because a leaked credential is directly usable: it gives an attacker unauthorized access, a foothold for lateral movement, and a path to financial loss and full account compromise.

Severity
critical
Category
Context Exfiltration
Scan Target
mcp
Author
ATR Community

Response Actions

block output, escalate, alert, snapshot
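A detector of the kind this rule describes, as an added example that is not the ATR rule's own implementation: it scans agent output against an illustrative subset of the credential shapes listed above (AWS access key IDs, GitHub tokens, Stripe live keys, Slack tokens, PEM private-key blocks, JWTs, database connection strings, and .env or generic secret assignments), drops obvious placeholders, and then applies the block-output action by returning a redacted copy of the text together with the findings for alert/escalate and the raw text as the snapshot. The pattern list, the placeholder filter, the rule names and the sample agent output are all constructed for this example; the AWS values in the sample are Amazon's documented example credentials, everything else is made up.

```python
import re
from dataclasses import dataclass

# Illustrative subset of the credential shapes the rule covers. The AWS,
# GitHub, Stripe and Slack prefixes are those vendors' public key formats; the
# two assignment rules at the end are heuristics (this example's own), which is
# why their captured values go through the placeholder filter below.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("stripe_live_secret", re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b")),
    ("slack_token", re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b")),
    ("private_key_block", re.compile(
        r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"
        r"(?:[\s\S]*?-----END (?:[A-Z]+ )*PRIVATE KEY-----)?")),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")),
    ("db_connection_string", re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp)://[^:/\s]+:[^@\s]+@\S+")),
    # Heuristics go last: on a tie the earlier, more specific rule is kept.
    ("dotenv_secret_assignment", re.compile(
        r"(?im)^\s*(?:export\s+)?[A-Z][A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|KEY)[A-Z0-9_]*"
        r"\s*=\s*['\"]?([^\s'\"#]{8,})")),
    ("generic_secret_assignment", re.compile(
        r"(?i)\b(?:api[_-]?key|secret(?:[_-]?key)?|access[_-]?token|auth[_-]?token|password|passwd)\b"
        r"['\"]?\s*[:=]\s*['\"]?([A-Za-z0-9_\-./+=]{8,})")),
]

# Values that occupy a secret slot but are clearly not a live credential.
PLACEHOLDER = re.compile(
    r"^(?:<[^>]*>|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?|x{4,}|\*{4,}|your[_-][\w-]*"
    r"|changeme\w*|example\w*|placeholder\w*|redacted\w*)$", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    start: int      # span of the secret value inside the scanned text
    end: int
    preview: str    # first four characters only, for triage; never the full value


def scan_output(text: str) -> list[Finding]:
    """Return non-overlapping findings for every credential shape in `text`."""
    raw = []
    for rule, pattern in SECRET_PATTERNS:
        for m in pattern.finditer(text):
            idx = 1 if pattern.groups else 0   # group 1 = captured value, else whole match
            value = m.group(idx)
            if PLACEHOLDER.match(value):
                continue
            start, end = m.span(idx)
            raw.append(Finding(rule, start, end, value[:4] + "..."))
    # Sort by position; list.sort is stable, so when a specific rule and a
    # heuristic hit the same value the specific one (added first) survives.
    raw.sort(key=lambda f: (f.start, -f.end))
    findings, last_end = [], -1
    for f in raw:
        if f.start < last_end:
            continue
        findings.append(f)
        last_end = f.end
    return findings


def enforce(text: str) -> dict:
    """Apply the rule's response actions to one piece of agent output."""
    findings = scan_output(text)
    if not findings:
        return {"action": "allow", "output": text, "findings": []}
    pieces, cursor = [], 0
    for f in findings:
        pieces.append(text[cursor:f.start])
        pieces.append(f"[REDACTED:{f.rule}]")
        cursor = f.end
    pieces.append(text[cursor:])
    return {
        "action": "block",             # block output: only the redacted text may leave
        "severity": "critical",
        "output": "".join(pieces),
        "findings": [{"rule": f.rule, "preview": f.preview} for f in findings],  # alert/escalate payload
        "snapshot": text,              # forensic copy of the raw output; it holds the secrets, so store it restricted
    }


# Constructed agent output for demonstration. The AWS values are Amazon's
# documented example credentials; every other value is made up.
SAMPLE_AGENT_OUTPUT = """Here is the config I found in the repo:
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DATABASE_URL=postgres://app:s3cretPass@db.internal:5432/prod
GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
API_KEY=<your-api-key>
The payment tool responded with {"api_key": "kx9Qm2vL7tRz4pWn8bHc", "mode": "test"}
and the session token was eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
"""

if __name__ == "__main__":
    verdict = enforce(SAMPLE_AGENT_OUTPUT)
    print(verdict["action"], [f["rule"] for f in verdict["findings"]])
    print(verdict["output"])
```

Two points a deployment has to get right that the pattern list alone does not: the two assignment heuristics are where the false positives come from (the placeholder filter catches `<your-api-key>` and `${VAR}` style slots but not every documentation value), and the snapshot is the one place the raw secret survives, so whatever backs it needs the same access control as the credential store, or the detector itself becomes the leak.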

References

OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM02:2025 - Sensitive Information Disclosure
LLM07:2025 - System Prompt Leakage
MITRE ATLAS
AML.T0057 - LLM Data Leakage
AML.T0055 - Unsecured Credentials