Credentials In Files

Description

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. AI Agent system instructions are a common location where developers paste API keys, bearer tokens, or other secrets to grant the agent runtime access to backing services. These instructions are often readable by anyone with management access to the agent.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable AI AwareAIRead-onlyHTTPSAI Agent instructions / system prompts

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Credential Access

Products Required: Tenable AI Aware