🛡️ NAIL Institute — AVE Database

← Back to Database

API Key Harvesting via Prompt

🔴 CRITICAL credential proven AVE-2025-0100

· aka: Secret Extraction

Summary

Agent is tricked into revealing API keys, tokens, or credentials stored in its environment variables or configuration.

Blast Radius

Full credential exposure enabling infrastructure compromise.

Prerequisites

Agent with access to credentials in its runtime environment.

Environment

Frameworks: LangGraph, CrewAI
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

Related

AVE-2025-0003