Subscribe to the Non-Human & AI Identity Journal

Attack Success Rate

Attack success rate is the percentage of test attempts in which an injected adversarial scenario achieved its intended effect. For agentic systems, it helps distinguish a one-off anomaly from a repeatable workflow weakness that requires governance action.

Expanded Definition

Attack success rate is a testing metric, not a claim about real-world compromise. In NHI and agentic AI security, it measures how often an injected adversarial scenario succeeds in producing the intended outcome, such as unauthorized tool use, data disclosure, or unsafe workflow completion. Because the same term is used across red teaming, prompt injection testing, and agent simulation, definitions vary across vendors and programs, so teams should specify the scenario, success condition, and sample size before comparing results. The most useful interpretation is directional: a rising success rate usually indicates a repeatable control gap, while a low rate does not prove resilience if the test set is too narrow. For threat modeling, it complements broader frameworks such as the MITRE ATLAS adversarial AI threat matrix by translating an attack path into an observable pass or fail outcome.

The most common misapplication is treating a single successful prompt injection or tool-abuse attempt as a stable metric, which occurs when teams ignore the test design, environmental assumptions, or whether the agent had real authority to act.

Examples and Use Cases

Implementing attack success rate rigorously often introduces measurement overhead, requiring organisations to balance repeatable assurance against the time needed to define scenarios, reset environments, and validate results.

  • A security team runs 100 prompt-injection tests against an internal coding agent and records the percentage that cause the agent to reveal secrets or call an unintended tool.
  • A governance group compares success rates before and after adding approval gates to an agentic workflow, using the change as evidence that the control reduced exploitability.
  • An NHI review uses findings from 52 NHI Breaches Analysis to build test cases around exposed API keys, then measures how often those scenarios lead to unauthorized access.
  • A detection team pairs attack success rate with CISA cyber threat advisories to see whether public attacker techniques still work against current controls.
  • An engineering org uses the metric after hardening secret handling guidance from the Ultimate Guide to NHIs — Key Challenges and Risks, then retests whether injected scenarios can still reach credentials.

For agentic systems, the metric is only meaningful when the test clearly states whether success means data leakage, tool execution, policy bypass, or an unsafe downstream side effect.

Why It Matters in NHI Security

Attack success rate matters because NHI failures often hide in repeatable pathways, not dramatic one-time breaches. The metric helps convert an abstract risk into governance evidence, especially where service accounts, API keys, and agent permissions can be reused across many workflows. NHIMG research shows that 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage, which makes repeatable exploitability a practical concern rather than a theoretical one. When teams test scenarios against known weak points, they can prioritize fixes that reduce the rate of successful abuse instead of relying on intuition. The Ultimate Guide to NHIs — Why NHI Security Matters Now and the OWASP NHI Top 10 both reinforce that identity exposure and agent misuse must be measured, not assumed away.

Organisations typically encounter the operational impact only after an agent is tricked into exposing a secret, approving a request, or chaining actions into a broader incident, at which point attack success rate becomes unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Agentic AI Top 10 A2 Prompt injection and tool misuse are commonly assessed with attack success metrics.
OWASP Non-Human Identity Top 10 NHI-02 Secret exposure and NHI abuse are validated by whether adversarial tests succeed.
NIST CSF 2.0 DE.CM-8 Security testing results support ongoing monitoring and anomaly assessment.

Measure how often injected prompts or adversarial tasks cause unsafe agent actions and tune controls to reduce success.