Skip to content
ATR-2026-00113criticalContext Exfiltrationexperimental

Credential File Theft from Agent Environment

Detects tools or agent instructions that access well-known credential files from the host environment. Attackers target files like ~/.aws/credentials, SSH private keys, Docker configs, and Kubernetes configs to gain lateral movement capabilities. When credential file access is combined with a network call, this strongly indicates exfiltration rather than legitimate local usage.

Severity
critical
Category
Context Exfiltration
Scan Target
both
Author
ATR Community

Response Actions

block toolalertsnapshot

References

OWASP Agentic
ASI03:2026 - Agent Identity and Access Abuse
View full YAML on GitHub →

More Context Exfiltration Rules

ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00114highOAuth and API Token Interception