Data Exfiltration | Tier 1 | critical
Data Exfiltration: Credential Probe
Tricks to extract credentials, PII, or system information
Data exfiltration attacks trick AI agents into revealing sensitive information: credentials, system prompts, conversation history, or user data. These attacks exploit the agent's willingness to be helpful.
Attack Details
- Attack ID: APWN-DE-001
- HMA Check: CRED-001
- Delivery Methods: html-comment
- CWE: CWE-798
- OASB Control: 5.1
- Severity: critical
Remediation
If your AI agent is vulnerable to this attack, scan and fix with:
npx hackmyagent secure --check CRED-001