Security News

Cybersecurity news aggregator

HIGH Vulnerabilities SC Media

Microsoft patches Entra ID bug that let AI agents escalate privileges

A critical privilege escalation vulnerability in Microsoft Entra ID's "Agent ID Administrator" role allowed attackers to gain ownership of high-privileged service principals, effectively achieving Global Administrator status. Microsoft silently patched the flaw on their backend on April 9, 2026. Security teams must now audit for illicit "owner addition" events that occurred prior to the fix, as the role's traditional scoping proved unsafe for non-human AI agent identities.

April 28, 2026

By Steve Zurier

An admin role Microsoft calls Agent ID Administrator meant for AI agents in Microsoft Entra ID could let threat actors execute privilege escalation and identity takeovers.

In an April 23 blog post, Silverfort researchers said as the adoption of the Agent ID Administrator role grows in the AI era, this so-called “scope gap” in which a low-privilege role gains much higher privileges could become a meaningful identity security risk.

The researchers were concerned because an attacker could achieve full service principal takeover, which means that in tenants in which high-privileged service principals exist, it becomes a privilege escalation path. Silverfort disclosed this behavior to Microsoft, which fixed it and released a patch April 9.

Jacob Warner, director of IT at Xcape, Inc., said the vulnerability in the Microsoft Entra ID Agent ID Administrator role highlights a critical "scoping gap" in the pursuit of AI-driven automation. By allowing a supposedly low-privileged role meant for managing AI agents to seize ownership of high-value service principals, Warner said Microsoft inadvertently created a "skeleton key" for tenant-wide privilege escalation.

Warner said the business impact is severe: any compromised account or malicious insider with this role could have silently injected credentials into powerful applications — such as those with AppRoleAssignment.ReadWrite.All or Directory.ReadWrite.All permissions — effectively achieving Global Administrator status.

“While Microsoft’s backend patch on April 9 remediated the flaw, the remediation was silent, leaving a transparency gap for SOC teams who must now retroactively audit for illicit ‘owner addition’ events that occurred between the role's introduction and the fix,” said Warner. “This incident underscores that as identity platforms evolve to support non-human identities like AI agents, the traditional scoping of ‘built-in’ roles is no longer a safe assumption. Organizations must treat service principal ownership with the same zero-trust rigor as user role assignments.”

Darren Guccione, co-founder and CEO at Keeper Security, added that every AI agent that enters an enterprise environment introduces a new identity, a new attack surface and a new compliance obligation — and the governance frameworks organizations built for human users were never designed to carry that weight.

“What Silverfort uncovered in the Agent ID Administrator role is a precise and timely illustration of where that gap becomes dangerous,” said Guccione. “AI agent infrastructure is being constructed at speed, layered on top of outdated, existing identity security models, and the assumptions baked into traditional role design do not automatically transfer.”

Guccione said in this case, attackers could use a role scoped to manage agent identities to take ownership of arbitrary service principals, including those carrying the highest privileges in the tenant. That’s not a theoretical risk, said Guccione: Silverfort's analysis of customer environments found that 99% of tenants have at least one privileged service principal, which means the conditions for this escalation path exist in virtually every enterprise environment running Entra ID.

“Microsoft responded responsibly and the fix is in place,” said Guccione. “But the disclosure that deserves equal attention is the one organizations need to make to themselves: are the AI agent roles deployed in our environments being governed with the same rigor as human privileged identities? Because if they aren't, we are operating with a visibility gap that adversaries will find before we do.”
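The retroactive audit described in the article, sketched as an added example that is not from the article, Silverfort or Microsoft: it lists service principal owner additions up to the April 9, 2026 fix and pairs each with later credential additions on the same principal. It assumes audit records exported in the Microsoft Graph directoryAudit shape and the activity names "Add owner to service principal" and "Add service principal credentials"; all sample events, accounts and IDs are constructed.

```python
from datetime import datetime, timezone

# Review everything up to and including the fix day given in the article (April 9, 2026).
REVIEW_BEFORE = datetime(2026, 4, 10, tzinfo=timezone.utc)
OWNER_ADD = "Add owner to service principal"      # assumed audit activity name
CRED_ADD = "Add service principal credentials"    # assumed audit activity name

def _when(ev):
    return datetime.fromisoformat(ev["activityDateTime"].replace("Z", "+00:00"))

def _actor(ev):
    by = ev.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def _sp_id(ev):
    # Select the service principal by type, not by its position in the list.
    sps = [t.get("id") for t in ev.get("targetResources") or []
           if t.get("type") == "ServicePrincipal"]
    return sps[0] if sps else None

def find_owner_additions(events):
    """Pre-fix owner additions, each with later credential adds on the same principal."""
    events = sorted(events, key=_when)
    findings = []
    for i, ev in enumerate(events):
        sp = _sp_id(ev)
        if ev.get("activityDisplayName") != OWNER_ADD or sp is None or _when(ev) >= REVIEW_BEFORE:
            continue
        creds = [e["activityDateTime"] for e in events[i + 1:]
                 if e.get("activityDisplayName") == CRED_ADD and _sp_id(e) == sp]
        findings.append({"sp_id": sp, "actor": _actor(ev),
                         "owner_added": ev["activityDateTime"], "credential_adds": creds})
    return findings

def _ev(name, ts, upn, sp):  # builds one constructed record in directoryAudit shape
    return {"activityDisplayName": name, "activityDateTime": ts,
            "initiatedBy": {"user": {"userPrincipalName": upn}},
            "targetResources": [{"type": "User", "id": "u-0001"},
                                {"type": "ServicePrincipal", "id": sp}]}

SAMPLE = [  # constructed events, not real tenant data
    _ev(OWNER_ADD, "2026-03-20T10:00:00Z", "agent-admin@example.com", "sp-1111"),
    _ev(CRED_ADD, "2026-03-20T10:05:00Z", "agent-admin@example.com", "sp-1111"),
    _ev(CRED_ADD, "2026-03-25T08:00:00Z", "ops@example.com", "sp-3333"),
    _ev(OWNER_ADD, "2026-04-15T09:00:00Z", "ops@example.com", "sp-2222"),
]

if __name__ == "__main__":
    for finding in find_owner_additions(SAMPLE):
        print(finding)
```

Each finding still needs triage against the service principal's granted permissions and the actor's role assignments at the time, which this sketch does not look up.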
