ATR-2026-00136criticalContext Exfiltrationexperimental
Tool Response Data Piggybacking
Detects malicious tool responses that embed sensitive data extraction within legitimate-looking results. The attack pattern embeds credential theft (SSH keys, API tokens, env vars) as a "by the way" addendum to a normal tool response, exploiting the agent's trust in tool outputs. Discovered via adversarial testing: 62/62 social engineering variants evaded prior rules.
Severity
critical
Category
Context Exfiltration
Scan Target
mcp
Author
ATR Threat Cloud Crystallization
Response Actions
block outputalertsnapshot
References
OWASP Agentic
ASI06 - Rogue ActionsASI08 - Data Leakage
OWASP LLM
LLM01:2025 - Prompt Injection
MITRE ATLAS
AML.T0054
More Context Exfiltration Rules
ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment