Credential harvesting via agent tools and storage
CCC.MARefArc.TH32

Agents are manipulated into using file, database, API, and cloud-management tools to enumerate and extract credentials from configuration files, environment variables, process memory, databases, key vaults, and instance metadata, and to correlate fragments into full credentials.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP08 | Built-in trusted tools | A collection of bundled, trusted tools providing fundamental capabilities: the MCP client bridge to the external MCP layer, a sandboxed shell, workspace I/O, and web search. |
| CCC.MARefArc.CP10 | Sandboxed workspace file system | A sandboxed, persistent file system that agents use to read and write files, enabling work with large artifacts. |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | Secure, sandboxed environment where all agentic reasoning and execution occurs, providing task state management for pause/resume/handoff and intercepting and validating tool calls with credentials handled securely within the sandbox. |
| CCC.MARefArc.CP12 | Authoritative knowledge source bases | Internal and external repositories of structured data, unstructured documents, and graph-based representations that provide authoritative information for grounding. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN15 | Agentic System Credential Protection Framework | Prevent agents from discovering, extracting, or misusing credentials by brokering secrets outside agent-accessible surfaces and constraining tool access to credential stores. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-029-01 | |
| air-vec | AIR-SEC-029-02 | |
| air-vec | AIR-SEC-029-03 | |
| air-vec | AIR-SEC-029-04 | |
| air-vec | AIR-SEC-029-05 | |