
Microsoft patched an ‘agent-only’ role that was not
An administrative role meant for AI agents within Microsoft’s Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. Researchers at Silverfort found that users assigned to Microsoft’s “Agent ID Administrator” role, scoped to agent-related objects like blueprints and agent identities, could take ownership of unrelated service principals across the tenant. These users could then attach credentials and authenticate as those applications (unrelated services) to potentially manipulate app-to-app communication inside enterprise environments. “Prior to the fix, the Agent ID Administrator role allowed assigning owne...
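The abuse path the article describes leaves a recognizable trail in directory audit logs: a holder of the Agent ID Administrator role adds itself as owner of a service principal that is not an agent identity, then adds credentials to it. The detector below is an added example written for this page, not code from the article, Silverfort or Microsoft. The record shape (`activity`, `actor`, `target`, `owner_added`), the activity names, the role-assignment table and the list of agent service principals are all constructed assumptions modelled loosely on Entra ID audit-log exports, so map them to your real export fields before use. It is useful both for hunting across pre-fix history and as a standing control that the scoping of the role holds.

```python
"""
Added example (not from the article, Silverfort or Microsoft): flag Agent ID
Administrator holders who take ownership of, or attach credentials to,
service principals that are not agent identities.

All field names, role assignments and log entries below are constructed
assumptions, not an authoritative Entra ID audit-log schema.
"""
from collections import defaultdict

AGENT_ID_ADMIN = "Agent ID Administrator"

# Constructed: which users hold which directory roles (assumption).
ROLE_ASSIGNMENTS = {
    "alice@contoso.example": {AGENT_ID_ADMIN},
    "bob@contoso.example": {"Application Administrator"},
}

# Constructed: service principals that really are agent identities and
# therefore fall inside the role's intended scope (assumption).
AGENT_SERVICE_PRINCIPALS = {"sp-agent-copilot-01"}

# Constructed audit entries shaped loosely like Entra audit-log records.
AUDIT_LOG = [
    {"activity": "Add owner to service principal",
     "actor": "alice@contoso.example", "target": "sp-agent-copilot-01",
     "owner_added": "alice@contoso.example"},            # in scope: agent identity
    {"activity": "Add owner to service principal",
     "actor": "alice@contoso.example", "target": "sp-payroll-connector",
     "owner_added": "alice@contoso.example"},            # out of scope
    {"activity": "Add service principal credentials",
     "actor": "alice@contoso.example", "target": "sp-payroll-connector"},
    {"activity": "Add owner to service principal",
     "actor": "bob@contoso.example", "target": "sp-hr-sync",
     "owner_added": "bob@contoso.example"},              # not an Agent ID Admin
]


def find_out_of_scope_actions(log, roles=ROLE_ASSIGNMENTS,
                              agent_sps=AGENT_SERVICE_PRINCIPALS):
    """Return findings for Agent ID Administrator holders acting on
    service principals outside the role's agent-only scope.

    A credential add on a service principal the same actor previously took
    ownership of is rated high, because that is the full chain the article
    describes (own it, attach a secret, authenticate as it).
    """
    findings = []
    owned = defaultdict(set)  # actor -> non-agent SPs they took ownership of

    for entry in log:
        actor = entry["actor"]
        if AGENT_ID_ADMIN not in roles.get(actor, set()):
            continue  # only this role is in question here
        target = entry["target"]
        if target in agent_sps:
            continue  # agent identity: inside the role's intended scope

        if entry["activity"] == "Add owner to service principal":
            owned[actor].add(target)
            findings.append({"severity": "medium", "actor": actor,
                             "target": target,
                             "reason": "ownership of non-agent service principal"})
        elif entry["activity"] == "Add service principal credentials":
            chained = target in owned[actor]
            findings.append({"severity": "high" if chained else "medium",
                             "actor": actor, "target": target,
                             "reason": ("credentials added after out-of-scope "
                                        "ownership" if chained else
                                        "credentials added to non-agent "
                                        "service principal")})
    return findings


if __name__ == "__main__":
    for f in find_out_of_scope_actions(AUDIT_LOG):
        print(f"[{f['severity']}] {f['actor']} -> {f['target']}: {f['reason']}")
```

Run against the constructed log, the detector ignores Alice's action on the agent identity and Bob's action (he does not hold the role), and reports two findings on `sp-payroll-connector`: a medium one for the ownership change and a high one for the credential add that follows it.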