Back to Catalog
Owasp Agentic AI
top10_2026
ASI03 - Identity & Privilege Abuse
Agent assumes or escalates high-privilege credentials for unauthorized actions.
Intent & Description
'
🎯 Intent
Prevent agents from escalating privileges or assuming identities beyond their authorized scope.
📋 Context
Agents may be granted credentials or assume identities to perform tasks. Without proper controls, they can escalate privileges or impersonate higher-authority entities.
💡 Solution
Apply least privilege principle. Use short-lived, scoped tokens. Implement identity verification at each action. Monitor for privilege escalation attempts. Use role-based access controls. Audit all identity assumptions.'
Real-world Use Case
Use when agents operate with credentials, service accounts, or delegated authority in any system.
📌 TL;DR
Apply least privilege to agents. Use scoped tokens, verify identity per action, detect privilege escalation attempts.
Advantages
- Prevents privilege escalation
- Limits blast radius of compromise
- Enables access auditing
- Supports zero-trust principles
Disadvantages
- Token management adds complexity
- Least privilege requires careful scoping
- May break legitimate workflows