ATR-2026-00074 | critical | Agent Manipulation | experimental

Cross-Agent Privilege Escalation

Detects agents using inter-agent communication channels to escalate privileges beyond their authorized scope. Attackers exploit multi-agent architectures by having a compromised or lower-privilege agent forward credentials, assume roles of higher-privilege agents, or bypass orchestrator controls through direct agent-to-agent messaging. This enables lateral movement across agent boundaries and unauthorized access to restricted tools or data.

Severity: critical
Category: Agent Manipulation
Scan Target: mcp
Author: ATR Community

Response Actions

block input, alert, snapshot, kill agent, escalate

References

OWASP Agentic: ASI03:2026 - Identity and Privilege Abuse; ASI10:2026 - Rogue Agents
OWASP LLM: LLM06:2025 - Excessive Agency; LLM08:2025 - Excessive Agency
MITRE ATLAS: AML.T0051.001 - Indirect Prompt Injection