ATR-2026-00041 | medium | Privilege Escalation | experimental

Agent Scope Creep Detection

Detects when an agent gradually expands its authority, access, or operational boundaries beyond its initial assignment. Unlike sudden privilege escalation, scope creep is a gradual process where an agent incrementally acquires more capabilities or extends its decision-making authority. This rule uses regex-only detection to identify language patterns associated with unsolicited scope expansion, progressive permission requests, and self-initiated authority broadening.

Severity
medium
Category
Privilege Escalation
Scan target
mcp
Author
ATR Community

Recommended response

escalate, alert, snapshot

References

OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0040 - AI Model Inference API Access
AML.T0047 - ML-Enabled Product or Service