🛡️ MAS-Sentry-Toolkit

Multi-Agent System Security Audit Report

Scan Information

Session ID: demo-001

Target: 127.0.0.1

Protocol: mqtt

Generated: 2026-04-29T07:50:56.689491+00:00

Toolkit: MAS-Sentry v0.1.0

Executive Summary

1

CRITICAL

1

HIGH

1

MEDIUM

0

LOW

2

Agents Analyzed

1

Rogue Agents

85.0

Max Anomaly Score

8

STRIDE Threats

Protocol Vulnerability Findings

Severity	Finding	Remediation
CRITICAL	Anonymous Broker Access MQTT broker at 127.0.0.1:1883 accepts anonymous connections. Any client can subscribe to all topics including command channels.	Enable authentication. Set allow_anonymous false in mosquitto.conf.
HIGH	Retained Message Poisoning Unauthenticated client successfully published retained message to commands/actuator.	Implement publish ACLs. Validate retained message origin.
MEDIUM	$SYS Topic Information Leakage Broker version and client stats exposed via $SYS/# to unauthenticated clients.	Restrict $SYS topic access via ACL.

ABFP Agent Behavioral Fingerprints

Agent ID	Messages	Anomaly Score	Interval	Encoding	Threat Flags
inferred_commands_unknown_agent	45	85.0/100	22 ms	binary	TOPIC_ESCALATION, NO_BASELINE, BURST_DETECTED
inferred_sensors_sensor_001	240	0.0/100	1001 ms	json	—

STRIDE Threat Mapping

ID	Severity	Category	Title	CVSS	Mitigation
MAS-E-002	CRITICAL	Elevation of Privilege	RabbitMQ Default Credential Escalation	9.8	Disable guest user. Create role-specific accounts. Restrict management API to localhost.
MAS-S-001	CRITICAL	Spoofing	Agent Identity Spoofing via MQTT Client ID	9.1	Enforce mutual TLS (mTLS). Validate client certificates. Use unique per-agent credentials. Enable MQTT ACLs.
MAS-E-001	CRITICAL	Elevation of Privilege	Topic Privilege Escalation	9.0	Enforce strict topic ACLs per agent role. Use ABFP TOPIC_ESCALATION flag to detect and alert.
MAS-S-002	CRITICAL	Spoofing	Behavioral Clone — Agent Impersonation	8.8	Use ABFP payload entropy analysis to detect anomalies even when timing matches. Implement payload signing (HMAC).
MAS-T-001	HIGH	Tampering	Retained Message Poisoning	7.5	Restrict publish ACLs on command topics. Validate message schema server-side. Monitor retained messages with ABFP scanner.
MAS-I-001	HIGH	Information Disclosure	Unauthenticated Topic Enumeration	7.5	Disable anonymous access. Restrict wildcard subscriptions. Enable TLS for all connections.
MAS-D-001	HIGH	Denial of Service	MQTT Broker Flood via Burst Publishing	7.5	Configure per-client rate limits on broker. Use ABFP burst detection to alert on abnormal publish rates.
MAS-T-002	HIGH	Tampering	Will Message Hijacking	7.2	Restrict will topic permissions. Validate will payloads against expected schema.