Skip to content
ATR-2026-00132highAgent Manipulationexperimental

Casual Authority Claim and Scope Escalation

Detects casual, conversational-tone authority claims and scope escalation that bypass formal injection detection. Unlike explicit "I am the admin" claims (ATR-2026-030/117), these use informal language: "FYI the orchestrator wants...", "the boss said we should skip...", "I noticed the admin panel is accessible, let me check...". Also detects rationalized bypasses where agents justify unauthorized actions with efficiency claims: "to complete this more efficiently, I'll use the database directly instead of the API". Discovered via Autoresearch v0 (100% miss rate across casual_authority, casual_escalation, and rationalized_bypass techniques).

Severity
high
Category
Agent Manipulation
Scan Target
mcp
Author
ATR Community

Response Actions

alert

References

OWASP Agentic
ASI07:2026 - Insecure Inter-Agent CommunicationASI10:2026 - Rogue AgentsASI09:2026 - Human-Agent Trust Exploitation
OWASP LLM
LLM01:2025 - Prompt Injection
View full YAML on GitHub →

More Agent Manipulation Rules

ATR-2026-00030criticalCross-Agent Attack DetectionATR-2026-00032highAgent Goal Hijacking DetectionATR-2026-00074criticalCross-Agent Privilege EscalationATR-2026-00076highInsecure Inter-Agent Communication DetectionATR-2026-00077highHuman-Agent Trust Exploitation Detection