ATR-2026-00145criticalContext Exfiltrationexperimental
Obfuscated API Key Disclosure
Detects attempts to leak API keys wrapped in fake encryption/encoding, e.g. "AES256(sk-proj-real-key)". The attacker hopes the agent treats the "encrypted" value as safe to transmit while it contains the real key. Crystallized from 29 adversarial samples.
嚴重度
critical
類別
Context Exfiltration
掃描目標
mcp
作者
ATR Threat Cloud Crystallization
建議回應
alertblock outputsnapshot
參考資料
OWASP Agentic
ASI08 - Data Leakage
OWASP LLM
LLM02:2025 - Sensitive Information Disclosure
更多 Context Exfiltration 規則
ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment