ATR-2026-00040 | critical | Privilege Escalation | experimental

Privilege Escalation and Admin Function Access

Consolidated detection for privilege escalation attempts, covering both tool permission escalation and unauthorized admin function access. Detects when an agent requests or uses tools exceeding its permission scope, invokes administrative functions (user management, database admin, system config), attempts system-level operations (sudo, chmod, chown), container escape techniques (nsenter, chroot), or Kubernetes privilege escalation (kubectl exec). This rule enforces least-privilege boundaries across all agent tool interactions.
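As an added illustration, not the rule's own implementation, the Python below classifies constructed MCP tool-call records into the categories the description lists (scope overrun, admin function, sudo/chmod/chown, nsenter/chroot, kubectl exec). The tool names, agent scopes and sample commands are assumptions made for the example.

```python
from __future__ import annotations

import shlex
from dataclasses import dataclass

# Indicator tables taken from the rule description. The admin tool names are
# constructed for this example; a real deployment would load them from policy.
SYSTEM_LEVEL = {"sudo", "chmod", "chown"}
CONTAINER_ESCAPE = {"nsenter", "chroot"}
ADMIN_TOOLS = {"create_user", "delete_user", "db_admin", "set_system_config"}


@dataclass(frozen=True)
class ToolCall:
    agent: str
    tool: str
    command: str = ""                          # shell string handed to the tool, if any
    permitted_tools: frozenset = frozenset()   # the agent's declared least-privilege scope


def _tokens(command: str) -> list[str]:
    try:
        return shlex.split(command)
    except ValueError:            # unbalanced quotes: degrade to whitespace split
        return command.split()


def classify(call: ToolCall) -> list[str]:
    """Return the escalation categories a call matches; an empty list means clean."""
    findings = []
    if call.tool not in call.permitted_tools:
        findings.append("tool_permission_escalation")
    if call.tool in ADMIN_TOOLS:
        findings.append("admin_function_access")
    # Drop leading path components so /usr/bin/sudo is judged as sudo.
    names = [t.rsplit("/", 1)[-1] for t in _tokens(call.command)]
    if SYSTEM_LEVEL & set(names):
        findings.append("system_level_operation")
    if CONTAINER_ESCAPE & set(names):
        findings.append("container_escape")
    # kubectl may carry flags before the subcommand, so look for exec after kubectl.
    if "kubectl" in names and "exec" in names[names.index("kubectl") + 1:]:
        findings.append("kubernetes_privilege_escalation")
    return findings


def scan(calls: list[ToolCall]) -> dict[tuple[str, str], list[str]]:
    """Run the classifier over a batch and keep only calls that matched something."""
    return {(c.agent, c.tool): f for c in calls if (f := classify(c))}
```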

Severity
critical
Category
Privilege Escalation
Scan Target
mcp
Author
ATR Community

Response Actions

block tool, escalate, alert, quarantine session, snapshot, reduce permissions

References

OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0050 - Command and Scripting Interpreter
AML.T0040 - AI Model Inference API Access