ATR-2026-00040 | critical | Privilege Escalation | experimental
Privilege Escalation and Admin Function Access
Consolidated detection for privilege escalation attempts, covering both tool permission escalation and unauthorized admin function access. Detects when an agent requests or uses tools exceeding its permission scope, invokes administrative functions (user management, database admin, system config), attempts system-level operations (sudo, chmod, chown), container escape techniques (nsenter, chroot), or Kubernetes privilege escalation (kubectl exec). This rule enforces least-privilege boundaries across all agent tool interactions.
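As an added illustration of the checks this rule describes (example code, not the rule's own implementation; the tool names, the `command` argument layout and the admin-function name patterns are assumptions), a Python checker that evaluates a single agent tool call against the agent's permission scope and maps each boundary crossing to one of the recommended responses:

```python
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Indicators named in the rule description.
SYSTEM_OPS = {"sudo", "chmod", "chown"}            # system-level operations
CONTAINER_ESCAPE = {"nsenter", "chroot"}           # container escape techniques
# Admin tool-name patterns are assumed for this example; a real deployment
# would load them from its tool registry.
ADMIN_FUNCTIONS = re.compile(r"user_(create|delete|modify)|db_admin|system_config", re.I)


@dataclass(frozen=True)
class Finding:
    reason: str
    response: str  # one of the rule's recommended responses


def _command_tokens(args: dict) -> list:
    """Tokenise a shell-style 'command' argument, tolerating unbalanced quotes."""
    cmd = args.get("command", "")
    try:
        return shlex.split(cmd)
    except ValueError:  # unterminated quote: fall back so nothing slips past unparsed
        return cmd.split()


def inspect_tool_call(agent_scope: set, tool: str, args: dict) -> Optional[Finding]:
    """Return a Finding when one tool call crosses a least-privilege boundary."""
    # 1. Tool outside the agent's granted permission scope.
    if tool not in agent_scope:
        return Finding(f"tool '{tool}' outside permission scope", "block tool")
    # 2. Administrative function (user management, database admin, system config).
    if ADMIN_FUNCTIONS.search(tool):
        return Finding(f"admin function '{tool}' invoked", "escalate")
    # 3. Shell-style tools: inspect every token, so a privileged binary hidden
    #    behind a pipe or given by absolute path is still caught.
    tokens = _command_tokens(args)
    for i, tok in enumerate(tokens):
        name = tok.rsplit("/", 1)[-1]  # /usr/bin/sudo -> sudo
        if name in SYSTEM_OPS:
            return Finding(f"system-level operation '{name}'", "reduce permissions")
        if name in CONTAINER_ESCAPE:
            return Finding(f"container escape technique '{name}'", "quarantine session")
        if name == "kubectl" and "exec" in tokens[i + 1:]:
            return Finding("kubernetes privilege escalation via kubectl exec", "quarantine session")
    return None
```

Each call is judged on its own; a production rule would additionally keep per-session state so that a "snapshot" or "alert" response can be raised on repeated findings.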
Severity
critical
Category
Privilege Escalation
Scan target
mcp
Author
ATR Community
Recommended responses
block tool, escalate, alert, quarantine session, snapshot, reduce permissions
References
OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0050 - Command and Scripting Interpreter
AML.T0040 - AI Model Inference API Access
More Privilege Escalation rules
ATR-2026-00041 | medium | Agent Scope Creep Detection
ATR-2026-00064 | high | Over-Permissioned MCP Skill
ATR-2026-00107 | high | Privilege Escalation via Delayed Task Execution Bypass
ATR-2026-00110 | critical | Remote Code Execution via eval() and Dynamic Code Injection
ATR-2026-00111 | critical | Shell Metacharacter Injection in Tool Arguments