ATR-2026-00143highPrivilege Escalationexperimental
Casual Unauthorized Privilege Escalation
Detects agents casually escalating privileges by accessing admin panels, user management, or system settings without explicit authorization. Pattern: "I noticed X is accessible, let me check/review/examine Y." Crystallized from 31 adversarial samples.
Severity
high
Category
Privilege Escalation
Scan Target
mcp
Author
ATR Threat Cloud Crystallization
Response Actions
alertblock input
References
OWASP Agentic
ASI03 - Excessive Agency
OWASP LLM
LLM01:2025 - Prompt Injection
More Privilege Escalation Rules
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00107highPrivilege Escalation via Delayed Task Execution BypassATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code Injection