ATR-2026-00136 | critical | Context Exfiltration | experimental

Tool Response Data Piggybacking

Detects malicious tool responses that embed sensitive data extraction within legitimate-looking results. The attack pattern embeds credential theft (SSH keys, API tokens, env vars) as a "by the way" addendum to a normal tool response, exploiting the agent's trust in tool outputs. Discovered via adversarial testing: 62/62 social engineering variants evaded prior rules.

Severity
critical
Category
Context Exfiltration
Scan target
mcp
Author
ATR Threat Cloud Crystallization

Recommended response

block output, alert, snapshot

References

OWASP Agentic
ASI06 - Rogue Actions
ASI08 - Data Leakage
OWASP LLM
LLM01:2025 - Prompt Injection
MITRE ATLAS
AML.T0054