๐Ÿ›ก๏ธ NAIL Institute โ€” AVE Database

โ† Back to Database

Credential Harvesting

๐Ÿ”ด CRITICAL credential proven AVE-2025-0028

ยท aka: Secret Exfiltration, API Key Theft

Summary

Agents can be tricked into revealing credentials, API keys, and other secrets from their environment through carefully crafted prompts or tool interactions.

Blast Radius

Complete credential compromise. Lateral movement into connected systems.

Prerequisites

Agent with access to environment variables or secrets.

Environment

  • Frameworks: LangGraph
  • Models tested: [Available in NAIL SDK]
  • Multi-agent: No
  • Tools required: Yes
  • Memory required: No

Related