Lateral Movement
T11 · Agentic & Orchestrator Exploitation

An agent is an ideal lateral-movement engine because it is *already inside* the trusted network perimeter and frequently holds network reach, service credentials, and tools (SSH, HTTP clients, DB connectors) that let it pivot to adjacent systems. The trust boundary violated is the implicit trust internal services place in calls originating from inside the network: the agent's traffic looks like legitimate internal automation, so it inherits the same network position and trust relationships a benign internal service would. Combined with harvested credentials (T11-AT-008) and the agent's ambient cloud/service permissions, a single compromised agent can authenticate onward to databases, file shares, cloud APIs, and other hosts.
- Baseline normal east-west traffic for each agent and alert on connections to systems outside its task scope
- Detect internal port/service scanning originating from agent hosts
- Flag use of the same credential/token across multiple systems in a short window
- Monitor cloud audit logs (CloudTrail-equivalent) for the agent identity accessing resources beyond its role's norm
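The first three detections above, run over a constructed east-west connection log, as an added example that is not part of the T11 catalogue. The log format, the `report-agent` identity, the `tok-A` token and the `SCOPE` baseline are all assumptions made for illustration; the cloud-audit check in the fourth bullet is the same scope comparison applied to audit events instead of connections.

```python
"""Toy detectors for the lateral-movement signals listed above.
Added example, not part of the T11 catalogue; the log format, agent name,
token and task scope are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed east-west connection log: (time, agent, auth token, dst host, dst port)
LOG = [
    ("2024-05-01T10:00:00", "report-agent", "tok-A", "db-reports", 5432),
    ("2024-05-01T10:00:20", "report-agent", "tok-A", "fileshare-hr", 445),
    ("2024-05-01T10:01:00", "report-agent", "tok-A", "build-01", 22),
    ("2024-05-01T10:01:01", "report-agent", "tok-A", "build-01", 80),
    ("2024-05-01T10:01:02", "report-agent", "tok-A", "build-01", 443),
    ("2024-05-01T10:01:03", "report-agent", "tok-A", "build-01", 3306),
    ("2024-05-01T10:01:04", "report-agent", "tok-A", "build-01", 8080),
    ("2024-05-01T10:01:30", "report-agent", "tok-A", "registry", 5000),
]
# Baseline: hosts each agent's task legitimately needs (constructed).
SCOPE = {"report-agent": {"db-reports"}}

def parse(log):
    """Turn the raw tuples into (datetime, agent, token, host, port) records."""
    return [(datetime.fromisoformat(t), a, k, h, p) for t, a, k, h, p in log]

def out_of_scope(log, scope):
    """Signal 1: connections to hosts outside the agent's baselined task scope."""
    return sorted({(a, h) for _, a, _, h, _ in parse(log) if h not in scope.get(a, ())})

def _windowed_distinct(events, window, threshold):
    """True if some sliding window of `window` length holds >= threshold distinct values."""
    events.sort()
    for i, (t0, _) in enumerate(events):
        if len({v for t, v in events[i:] if t - t0 <= window}) >= threshold:
            return True
    return False

def port_scans(log, window=timedelta(seconds=60), min_ports=5):
    """Signal 2: one agent touching many distinct ports on one host in a short window."""
    by_pair = defaultdict(list)
    for t, a, _, h, p in parse(log):
        by_pair[(a, h)].append((t, p))
    return sorted(k for k, ev in by_pair.items() if _windowed_distinct(ev, window, min_ports))

def token_reuse(log, window=timedelta(minutes=5), min_hosts=3):
    """Signal 3: the same credential authenticating to many hosts in a short window."""
    by_tok = defaultdict(list)
    for t, _, k, h, _ in parse(log):
        by_tok[k].append((t, h))
    return sorted(k for k, ev in by_tok.items() if _windowed_distinct(ev, window, min_hosts))
```

Thresholds and windows are deliberately low so the constructed log trips all three signals; in production they come from each agent's observed baseline rather than fixed constants.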
Lateral movement is the expansion phase: it is fed by T11-AT-008 (harvested credentials/keys/tickets) and T11-AT-016 (SSRF reaching internal services), and once on a new host it re-runs T11-AT-008 and T11-AT-009 (persistence) to widen and entrench the foothold. It feeds T11-AT-011 (exfiltration of newly reachable data) and, against build/registry infrastructure, T11-AT-013 (supply chain).