Skip to content
ATR-2026-00152highContext Exfiltrationexperimental

Obfuscated Credential Exfiltration via Encoding

Detects attempts to leak credentials using partial obfuscation techniques: AES256() wrapping, hex encoding references, rot13, or "encrypted key" framing that presents real credentials as encrypted data to bypass content filters. Crystallized from 16 partial_obfuscation samples.

Severity
high
Category
Context Exfiltration
Scan Target
mcp
Author
ATR Threat Cloud Crystallization

Response Actions

alertblock input

References

OWASP Agentic
ASI01:2026 - Agent Behaviour Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
View full YAML on GitHub →

More Context Exfiltration Rules

ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment