{"id":14181,"date":"2026-04-26T23:13:55","date_gmt":"2026-04-26T23:13:55","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=14181"},"modified":"2026-04-26T23:13:55","modified_gmt":"2026-04-26T23:13:55","slug":"hackers-exploit-agent-id-administrator-position-to-hijack-service-principals","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=14181","title":{"rendered":"Hackers Exploit Agent ID Administrator Role to Hijack Service Principals"},"content":{"rendered":"<div>\n<p>A severe scoping vulnerability was recently discovered in Microsoft Entra ID\u2019s new Agent ID platform. <\/p>\n<p>The flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization\u2019s tenant, leading to privilege escalation.<\/p>\n<p>Although the administrative role was designed strictly to manage AI agent identities, a scoping breakdown allowed it to control non-agent service principals as well. Microsoft has fully patched the vulnerability across all cloud environments. <\/p>\n<p>Nonetheless, the incident highlights the ongoing risk of introducing new control planes built on existing directory primitives.<\/p>\n<p>When an application is registered in <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gbhackers.com\/microsoft-entra-id-flaw\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID<\/a>, it creates a global application object and a tenant-local service principal. 
<\/p>\n<p>The service principal is the local identity that authenticates, receives role assignments, and accesses enterprise resources.<\/p>\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"539\" src=\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93.png\" alt=\"discrepancy between the Entra UI and the documentation\u00a0regarding\u00a0the \u201cprivileged\u201d indicator\u00a0will be fixed.\u00a0(Source: SilverFort)\" class=\"wp-image-184442\" srcset=\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93.png 1024w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93-300x158.png 300w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93-768x404.png 768w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93-798x420.png 798w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93-150x79.png 150w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-93-696x366.png 696w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"\/><figcaption class=\"wp-element-caption\">The discrepancy between the Entra UI and the documentation regarding the \u201cprivileged\u201d indicator will be fixed. (Source: Silverfort)<\/figcaption><\/figure>\n<p>Microsoft Entra Agent ID is a preview feature that allows<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gbhackers.com\/microsoft-entra-id-adds-passkey-fido2-support\/\" target=\"_blank\" rel=\"noreferrer noopener\"> organizations to govern and secure AI agents<\/a> by treating them as first-class identities. The platform introduces new directory objects, such as agent identities and blueprints. 
<\/p>\n<p>Because these AI agent identities are technically implemented as specialized service principals, they share a common foundational infrastructure with standard enterprise applications.<\/p>\n<p>To manage these new AI objects, Microsoft created the Agent ID Administrator role. The documentation stated that this role was restricted to agent-related objects. However, because agents and applications share the same underlying architecture, a critical scoping gap emerged.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-hackers-exploit-agent-id-administrator-role\"><strong>Hackers Exploit Agent ID Administrator Role<\/strong><\/h2>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.silverfort.com\/blog\/agent-id-administrator-scope-overreach-service-principal-takeover-in-entra-id\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Security researchers at Silverfort found that<\/a> accounts holding only the Agent ID Administrator role could exploit this scoping gap to take over any service principal.<\/p>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"433\" src=\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94.png\" alt=\"attack flow(Source: Silverfort)\" class=\"wp-image-184443\" srcset=\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94.png 1024w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94-300x127.png 300w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94-768x325.png 768w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94-993x420.png 993w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94-150x63.png 150w, https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-94-696x294.png 696w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><figcaption class=\"wp-element-caption\">Attack flow (Source: 
Silverfort)<\/figcaption><\/figure>\n<p>The attack executes through a simple but devastating takeover primitive:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Assign Unauthorized Ownership:<\/strong>\u00a0An attacker holding the Agent ID Administrator role can add themselves as an owner of any service principal, bypassing the intended agent-only restriction.<\/li>\n<li><strong>Generate New Credentials:<\/strong>\u00a0Once ownership is established, the attacker can attach a new client secret or certificate to the targeted service principal.<\/li>\n<li><strong>Authenticate and Hijack:<\/strong>\u00a0The attacker uses the newly created credential to authenticate as the hijacked service principal, gaining all of its associated access rights.<\/li>\n<\/ul>\n<p>This process grants the attacker full control over the compromised application identity. Notably, the vulnerability was limited to the service principal surface: the system correctly blocked attempts to modify the owners of the broader application objects.<\/p>\n<p>The primary danger of this vulnerability lies in privilege escalation. Service principals frequently serve as the digital identities behind critical CI\/CD pipelines, automated workflows, and high-level security tools. 
<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"jeg_video_container jeg_video_content\"><iframe loading=\"lazy\" title=\"Agent ID Administrator takes over a privileged non-agent service principal\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/DK3Ru2OoNEM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/figure>\n<p>If an <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gbhackers.com\/hackers-exploit-microsoft-graph-api\/\" target=\"_blank\" rel=\"noreferrer noopener\">attacker successfully hijacks a service principal <\/a>that holds powerful Microsoft Graph permissions or administrative directory roles, they immediately inherit those elevated rights.<\/p>\n<p>While the Agent ID Administrator role is relatively new, nearly all enterprise tenants use highly privileged service principals. <\/p>\n<p>Furthermore, the Entra user interface did not visually flag the Agent ID Administrator role as privileged, potentially misleading IT administrators into assigning it without sufficient security scrutiny.<\/p>\n<p>Following responsible disclosure in February 2026, Microsoft confirmed the flaw and deployed a comprehensive fix by April 9, 2026. <\/p>\n<p>The Agent ID Administrator role is now fully blocked from modifying the owners of non-agent service principals.<\/p>\n<p>To maintain robust security, organizations should monitor the use of sensitive roles and alert security teams to any unexpected change in service principal ownership. 
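The correlation this paragraph calls for, as an added example that is not part of the original article or of Silverfort's research: a small Python detector that replays the three-step takeover flow from Entra directory audit records, flagging an owner change on a non-agent service principal made by an account whose only owner-capable role is Agent ID Administrator, and raising the severity when that same account adds a credential shortly afterwards. The record shape (modelled on Microsoft Graph `directoryAudits` entries), the activity strings, the role names in `OWNER_CAPABLE_ROLES`, the tenant `contoso.example` and every audit entry in `SAMPLE_AUDIT_LOG` are constructed for illustration; the article does not say which attribute marks a service principal as an agent identity, so that lookup is left to the caller as `agent_sp_ids`.

```python
"""Detect the ownership-then-credential takeover pattern in Entra audit logs.

Added example for this article, not Silverfort's or Microsoft's code.
Assumes audit entries shaped like Graph `directoryAudits` records and a
caller-supplied view of each actor's roles and of which service principal
object IDs are genuine agent identities.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Activity names as they appear in Entra directory audit logs. Confirm the
# exact strings against an export from your own tenant before relying on them.
OWNER_ADDED = "Add owner to service principal"
CREDENTIAL_ADDED = "Add service principal credentials"

AGENT_ID_ADMIN = "Agent ID Administrator"
# Roles legitimately allowed to change service principal owners (assumption;
# tune to your tenant). An actor holding one of these is not an overreach.
OWNER_CAPABLE_ROLES = {
    "Global Administrator",
    "Application Administrator",
    "Cloud Application Administrator",
}


@dataclass
class Alert:
    service_principal: str        # object ID of the targeted service principal
    actor: str                    # UPN of the account that added itself as owner
    owner_added_at: datetime
    credential_added_at: datetime | None = None  # set when step 2 is also seen

    @property
    def severity(self) -> str:
        # An owner change alone is suspicious; a new credential from the same
        # actor shortly afterwards is the full takeover primitive.
        return "high" if self.credential_added_at else "medium"


def _when(entry: dict) -> datetime:
    return datetime.fromisoformat(entry["activityDateTime"].replace("Z", "+00:00"))


def _actor(entry: dict) -> str:
    return entry["initiatedBy"]["user"]["userPrincipalName"]


def _service_principals(entry: dict) -> list[str]:
    return [t["id"] for t in entry["targetResources"] if t["type"] == "ServicePrincipal"]


def find_takeovers(entries, actor_roles, agent_sp_ids, window_hours: float = 24):
    """One Alert per non-agent service principal whose owners were changed by an
    account whose only owner-capable role is Agent ID Administrator; severity is
    raised to high if that account adds a credential within `window_hours`."""
    window = timedelta(hours=window_hours)
    pending: dict[str, Alert] = {}
    alerts: list[Alert] = []
    for entry in sorted(entries, key=_when):
        actor = _actor(entry)
        roles = set(actor_roles.get(actor, ()))
        for sp_id in _service_principals(entry):
            if sp_id in agent_sp_ids:
                continue  # agent identities are in scope for the role: expected
            if entry["activityDisplayName"] == OWNER_ADDED:
                if AGENT_ID_ADMIN in roles and not roles & OWNER_CAPABLE_ROLES:
                    alert = Alert(sp_id, actor, _when(entry))
                    pending[sp_id] = alert
                    alerts.append(alert)
            elif entry["activityDisplayName"] == CREDENTIAL_ADDED:
                alert = pending.get(sp_id)
                if alert and alert.actor == actor and _when(entry) - alert.owner_added_at <= window:
                    alert.credential_added_at = _when(entry)
    return alerts


def _audit(ts: str, activity: str, actor: str, sp_id: str) -> dict:
    # Constructed audit record in the shape of a Graph directoryAudits entry.
    return {
        "activityDateTime": ts,
        "activityDisplayName": activity,
        "initiatedBy": {"user": {"userPrincipalName": actor}},
        "targetResources": [{"id": sp_id, "type": "ServicePrincipal"}],
    }


# Constructed sample data for a hypothetical tenant "contoso.example".
SAMPLE_ACTOR_ROLES = {
    "agentadmin@contoso.example": {AGENT_ID_ADMIN},
    "appadmin@contoso.example": {"Application Administrator"},
}
SAMPLE_AGENT_SP_IDS = {"sp-agent-2222"}
SAMPLE_AUDIT_LOG = [
    # Agent ID Administrator touches an agent identity: in scope, no alert.
    _audit("2026-03-10T08:30:00Z", OWNER_ADDED, "agentadmin@contoso.example", "sp-agent-2222"),
    # Same account adds itself as owner of a non-agent SP, then adds a secret.
    _audit("2026-03-10T09:00:00Z", OWNER_ADDED, "agentadmin@contoso.example", "sp-1111"),
    _audit("2026-03-10T09:04:00Z", CREDENTIAL_ADDED, "agentadmin@contoso.example", "sp-1111"),
    # An Application Administrator changing owners is authorised: no alert.
    _audit("2026-03-10T11:00:00Z", OWNER_ADDED, "appadmin@contoso.example", "sp-3333"),
]

if __name__ == "__main__":
    for a in find_takeovers(SAMPLE_AUDIT_LOG, SAMPLE_ACTOR_ROLES, SAMPLE_AGENT_SP_IDS):
        print(f"[{a.severity}] {a.actor} took ownership of {a.service_principal} "
              f"at {a.owner_added_at:%H:%M}; credential added: {a.credential_added_at}")
```

Run against the constructed log, the detector raises a single high-severity alert for `sp-1111` and stays quiet for the agent identity and for the Application Administrator's change. The same logic ports directly to a KQL rule over `AuditLogs` if you prefer to alert from Sentinel or Log Analytics; the important design choice is that the owner change is flagged on its own, before any credential appears, because the fix Microsoft shipped closes only the ownership step.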
<\/p>\n<p>Privileged service principals must be treated as critical infrastructure, with continuous auditing of any newly created credentials.<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>A severe scoping vulnerability was recently discovered in Microsoft Entra ID\u2019s new Agent ID platform. The flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization\u2019s tenant, leading to privilege escalation. 
Though the executive function was designed strictly to handle AI agent identities, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14183,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[8823,75,776,554,1119,8824,900,1127],"class_list":["post-14181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-administrator","tag-agent","tag-exploit","tag-hackers","tag-hijack","tag-principals","tag-role","tag-service"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14181"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14181\/revisions"}],"predecessor-version":[{"id":14182,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14181\/revisions\/14182"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/14183"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- 
This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-04-27 02:12:30 UTC -->