Insecure Cybersecurity Agent (T15 Agentic Threat)

[zeinovich]

PR Checklist 🚨

It is intended that only defined "vulnerability entry leads" should be able to create PR's (See CODEOWNERS and Core Team)

If you are not a CODEOWNER for the entry of artifact, please see our Issues and Discussions boards

Proposed changes

This PR represents a new example for the OWASP Agentic Security Initiative.

The agent was implemented using the CrewAI framework.

The scenario demonstrates a Human Manipulation threat vector (T15 from Agentic AI Threat list), where a security auditing agent requests sensitive credentials (e.g., database access) under a seemingly legitimate pretext — in this case, needing access to scan for malicious or vulnerable data sources.

The agent exploits the user’s implicit trust and the authority of a “security scanner” role to socially engineer sensitive input.

For research, the attack was tested on GPT-4o, with simulated user interaction scripted to validate the manipulation behavior.
No external calls or real data collection is performed — the project is purely illustrative.

Types of changes

Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Documentation Update (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have x-referenced the appropriate issue this addresses within the projects board
• I have applied the relevant labels this PR addresses

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

[hoeg]

Hi @zeinovich, thank you for the PR. We will take a look at it 👌