Guardbase launches Coding Agent Attack Matrix — framework for coding agent threat modeling

Version 1.0 • Last updated 2026-05-12

Coding Agent Attack Matrix

Endpoint-based AI coding agents operate autonomously across your files, CLIs, and MCP servers, creating new attack vectors for organizations. This matrix maps common abuse techniques against such agents to MITRE ATT&CK tactics, providing a threat model for identifying gaps in your security controls.


Initial Access (5 techniques)
- Drive-by compromise via prompt injections in web fetch / web search
- Malicious agent skill
- Rug-pull attack on a malicious remote MCP server
- Backdoor attack in a STDIO-based MCP server
- Indirect prompt injection via code, files, or MCP content

Execution (2 techniques)
- Let the agent write its own malware
- Indirect execution via the dev loop

Persistence (4 techniques)
- Add hooks
- CRON job
- Modification of system prompt / memory
- Plant a malicious agent skill

Privilege Escalation (4 techniques)
- Loosen permission/sandbox configuration
- Abuse sandbox escape hatches
- Route execution via shell-equivalent STDIO-based MCP tools
- Break out of outer container/VM

Defense Evasion (4 techniques)
- Disable hooks
- Disable OTEL telemetry
- Bypass HTTP proxy
- Keep actions in markdown and execute bash commands one-by-one

Credential Access (2 techniques)
- Disk-resident credential files
- OS keystore

Discovery (4 techniques)
- Filesystem and volume enumeration
- Package and binary enumeration
- Network and process enumeration
- Cloud environment enumeration

Lateral Movement (4 techniques)
- Abuse SSH keys to hop to other servers
- Ambient CLI abuse
- Internal HTTP API abuse
- Infrastructure MCP abuse

Collection (6 techniques)
- MCP-based collection
- Cloud bucket / volume downloads
- Database dumps via ambient CLI
- Off-project file reads
- Prior session history
- Environment variables

Command-and-Control (4 techniques)
- CRON-based beaconing
- Claude Code Channels
- Hook-based beaconing
- Web fetch for instructions

Exfiltration (4 techniques)
- Web fetch / curl / wget with data
- Hook-based exfiltration
- Malicious MCP server
- Connected-MCP messaging exfiltration

Impact (2 techniques)
- Destructive shell commands
- Destructive git operations


Understand the threat. Control the agent.

The Coding Agent Attack Matrix maps 45+ techniques that can be used against your coding agents. Guardbase provides the security control plane to prevent them, with full visibility, enforcement, and audit trails.