Skip to content

Hide Navigation Hide TOC

Cross-Agent Privilege Escalation - ATR-2026-00074 (1b5085e8-f8b7-5d0d-92f9-2babd77f18e1)

Detects agents using inter-agent communication channels to escalate privileges beyond their authorized scope. Attackers exploit multi-agent architectures by having a compromised or lower-privilege agent forward credentials, assume roles of higher-privilege agents, or bypass orchestrator controls through direct agent-to-agent messaging. This enables lateral movement across agent boundaries and unauthorized access to restricted tools or data.

Cluster A Galaxy A Cluster B Galaxy B Level
Cross-Agent Privilege Escalation - ATR-2026-00074 (1b5085e8-f8b7-5d0d-92f9-2babd77f18e1) Agent Threat Rules Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 1
Cross-Agent Privilege Escalation - ATR-2026-00074 (1b5085e8-f8b7-5d0d-92f9-2babd77f18e1) Agent Threat Rules Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 1
Cross-Agent Privilege Escalation - ATR-2026-00074 (1b5085e8-f8b7-5d0d-92f9-2babd77f18e1) Agent Threat Rules Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) MITRE ATLAS Attack Pattern Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 2