Skip to content

Hide Navigation Hide TOC

Credential Data Leaked in Tool Response - ATR-2026-00150 (4b44e878-12ae-555b-8efb-248e1b6816f5)

Detects private keys, API tokens, or credential material embedded in tool responses. Attackers embed credential data in seemingly benign tool output (weather, search results) to trick agents into exfiltrating secrets. Crystallized from 37 adversarial social_engineering samples.

Cluster A Galaxy A Cluster B Galaxy B Level
Credential Data Leaked in Tool Response - ATR-2026-00150 (4b44e878-12ae-555b-8efb-248e1b6816f5) Agent Threat Rules LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca) MITRE ATLAS Attack Pattern 1