ATR-2026-00041 | medium | Privilege Escalation | experimental
Agent Scope Creep Detection
Detects when an agent gradually expands its authority, access, or operational boundaries beyond its initial assignment. Unlike sudden privilege escalation, scope creep is a gradual process where an agent incrementally acquires more capabilities or extends its decision-making authority. This rule uses regex-only detection to identify language patterns associated with unsolicited scope expansion, progressive permission requests, and self-initiated authority broadening.
Severity
medium
Category
Privilege Escalation
Scan Target
mcp
Author
ATR Community
Response Actions
escalate, alert, snapshot
References
OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0040 - AI Model Inference API Access
AML.T0047 - ML-Enabled Product or Service
More Privilege Escalation Rules
ATR-2026-00040 | critical | Privilege Escalation and Admin Function Access
ATR-2026-00064 | high | Over-Permissioned MCP Skill
ATR-2026-00107 | high | Privilege Escalation via Delayed Task Execution Bypass
ATR-2026-00110 | critical | Remote Code Execution via eval() and Dynamic Code Injection
ATR-2026-00111 | critical | Shell Metacharacter Injection in Tool Arguments