Definition
Plain language
A measure of how deep into a multi-step attack the damage gets before any defense manages to stop it.
As stated in the literature
In agent-security evaluations like ClawTrojan and DASGuard, a metric for how many steps of an attack chain execute before a defense intervenes; single-step defenses tend to allow high penetration because they only act at the final harmful action, after the backdoor was already planted in persistent state.
Why it matters: It reveals whether a defense stops trouble early or only at the last moment, exposing systems that block the final blow but let the damage quietly accumulate first.
For example, if an attack has five steps and the defense only catches it at step five, the chain penetration is high because the harmful setup already slipped through the first four.
Heard on the show
“They measure how far through the attack chain the compromise travels — they call it chain penetration.”Episode 105 — The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks