ATR-2026-00114highContext Exfiltrationexperimental
OAuth and API Token Interception
Detects patterns indicating OAuth token interception, API key forwarding, or authorization header theft. Attackers may instruct agents to capture bearer tokens, refresh tokens, or client secrets and redirect them to attacker-controlled endpoints. This includes suspicious redirect_uri manipulation in OAuth flows and bulk token extraction from agent context.
嚴重度
high
類別
Context Exfiltration
掃描目標
mcp
作者
ATR Community
建議回應
alertsnapshot
參考資料
OWASP Agentic
ASI03:2026 - Agent Identity and Access Abuse
更多 Context Exfiltration 規則
ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment