๐Ÿ›ก๏ธ NAIL Institute โ€” AVE Database

โ† Back to Database

Credential Leakage via Tool Output

🔴 CRITICAL · credential · proven · AVE-2025-0042 · aka: Secret Exfiltration, API Key Exposure

Summary

Agents inadvertently expose API keys, tokens, or credentials in their responses when tool outputs contain sensitive data. The agent treats tool output as displayable content.
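One way to keep tool output from being treated as displayable content is to sanitize it before the agent ever receives it. The sketch below is an added example, not code from NAIL or LangGraph; `guard_tool`, `sanitize`, `redact_text`, the patterns and the `fetch_config` tool are all constructed for illustration and framework-agnostic.

```python
import re
from functools import wraps

# Constructed patterns for common credential shapes; tune them for your environment.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)(?P<keep>\bbearer\s+)[A-Za-z0-9._~+/=-]{16,}")),
    ("url_password", re.compile(r"(?P<keep>://[^/\s:@]+:)[^/\s@]+(?=@)")),
    ("named_secret", re.compile(r"(?i)(?P<keep>[\w-]*(?:api[_-]?key|secret|token|passw(?:or)?d)"
                                r"[\w-]*[\"']?\s*[=:]\s*[\"']?)[^\s\"',}\[]{6,}")),
]
SENSITIVE_KEY = re.compile(r"(?i)api[_-]?key|secret|token|passw(or)?d|credential")

def redact_text(text, hits):
    """Replace credential-shaped substrings, recording each pattern name in hits."""
    for name, rx in PATTERNS:
        def repl(m, name=name):
            hits.append(name)
            return (m.groupdict().get("keep") or "") + f"[REDACTED:{name}]"
        text = rx.sub(repl, text)
    return text

def sanitize(value, hits, key=""):
    """Walk str / dict / list tool output; key is the enclosing field name."""
    if isinstance(value, str):
        if SENSITIVE_KEY.search(key):  # field name alone marks the value as secret
            hits.append("sensitive_field")
            return "[REDACTED:sensitive_field]"
        return redact_text(value, hits)
    if isinstance(value, dict):
        return {k: sanitize(v, hits, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [sanitize(v, hits, key) for v in value]
    return value

def guard_tool(tool_fn, on_hit=None):
    """Wrap a tool so the agent only ever receives sanitized output."""
    @wraps(tool_fn)
    def wrapper(*args, **kwargs):
        hits = []
        clean = sanitize(tool_fn(*args, **kwargs), hits)
        if hits and on_hit:
            on_hit(tool_fn.__name__, hits)  # alert hook, e.g. emit a detection event
        return clean
    return wrapper

def fetch_config():  # constructed stand-in for a tool that returns credential-bearing data
    return {"status": "ok", "api_key": "sk_example_0123456789abcdef",
            "log": "postgres://app:Sup3rS3cret@db/app Authorization: Bearer abcdefghijklmnop0123"}
```

Wrap each tool once where it is registered with the agent, and treat every `on_hit` callback as a signal that the tool itself is returning more than it should.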

Blast Radius

API keys, database credentials, or session tokens exposed. Lateral movement possible.

Prerequisites

Agent with access to tools that return credential-bearing responses.

Environment

  • Frameworks: LangGraph
  • Models tested: [Available in NAIL SDK]
  • Multi-agent: No
  • Tools required: Yes
  • Memory required: No