Vulnerability in Microsoft Entra Agent ID Could Lead to Privilege Escalation and Tenant Takeover


Tuesday, April 29, 2026

Researchers from Silverfort have disclosed a vulnerability in Microsoft Entra Agent ID, a mechanism designed to manage digital identities for AI agents. The issue lies in the Agent ID Administrator role, which was intended to manage only agent-related objects but was found to have excessive permissions. This allowed it to modify other Service Principals within the tenant, creating a risk of privilege escalation and potential tenant takeover if the targeted Service Principal held high privileges.

The attack chain begins with an attacker who already holds Agent ID Administrator privileges and uses the Microsoft Graph API or Azure CLI to identify high-privileged Service Principals, such as those granted the RoleManagement.ReadWrite.Directory permission. The attacker can then assign themselves as an owner of the target Service Principal and inject a credential by adding a new password or certificate, effectively impersonating it. Researchers noted that this chain could lead to escalation up to the Global Administrator level, granting full control over the tenant.

Silverfort reported the issue to Microsoft on March 1, 2026. Microsoft confirmed the vulnerability and completed remediation across all cloud environments by April 9, 2026. The fix restricts the Agent ID Administrator role from managing ownership of non-agent Service Principals. Organizations are advised to review audit logs for suspicious changes to Service Principal ownership or the creation of new secrets in privileged accounts, to detect any potential past compromise.
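The two audit-log signals the advisory recommends hunting for (ownership changes on Service Principals and newly added Service Principal credentials) can be checked with a small script. The example below is added here and is not code from Silverfort, Hackread or Microsoft. It assumes records in the shape returned by the Microsoft Graph `/auditLogs/directoryAudits` endpoint (`activityDisplayName`, `initiatedBy`, `targetResources`), that the activity names "Add owner to service principal" and "Add service principal credentials" match what your tenant logs (verify against your own audit data), and that the defender supplies the set of Service Principals they consider privileged. The audit records and Service Principal names are constructed samples. It goes one step beyond a plain filter: an ownership change followed by a credential add by the same actor on the same Service Principal within a 24-hour window is rated high, since that is the sequence described above.

```python
"""Flag Entra directory-audit events matching the Service Principal ownership
and credential-injection steps described in the Silverfort disclosure.

Records here are constructed samples shaped like Microsoft Graph
/auditLogs/directoryAudits output; activity names are assumed."""
from datetime import datetime, timedelta

# Assumed Entra audit activity names for the two signals of interest.
OWNER_CHANGE = "Add owner to service principal"
CRED_ADD = "Add service principal credentials"
# Window within which owner-change -> credential-add is treated as one chain.
CHAIN_WINDOW = timedelta(hours=24)

# Constructed: Service Principals the defender treats as high-privilege
# (e.g. those holding RoleManagement.ReadWrite.Directory).
PRIVILEGED_SPS = {"Directory Sync Automation"}


def _event(ts, activity, actor, target, target_type="ServicePrincipal"):
    """Build one constructed audit record in Graph directoryAudit shape."""
    return {
        "activityDateTime": ts,
        "activityDisplayName": activity,
        "initiatedBy": {"user": {"userPrincipalName": actor}},
        "targetResources": [{"displayName": target, "type": target_type}],
    }


# Constructed sample log: one benign app update, one owner-change/credential
# chain against a privileged SP, and one lone credential add on a normal SP.
SAMPLE_AUDIT = [
    _event("2026-03-02T08:00:00Z", "Update application",
           "appowner@contoso.example", "Marketing Site", "Application"),
    _event("2026-03-02T09:15:00Z", OWNER_CHANGE,
           "agentadmin@contoso.example", "Directory Sync Automation"),
    _event("2026-03-02T09:22:00Z", CRED_ADD,
           "agentadmin@contoso.example", "Directory Sync Automation"),
    _event("2026-03-03T14:00:00Z", CRED_ADD,
           "svc-deploy@contoso.example", "Build Pipeline"),
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def _actor(rec):
    """Return the initiating user UPN, or the app name for app-initiated events."""
    init = rec.get("initiatedBy", {})
    user = init.get("user") or {}
    app = init.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"


def _sp_targets(rec):
    """Display names of ServicePrincipal targets in the record."""
    return [t["displayName"] for t in rec.get("targetResources", [])
            if t.get("type") == "ServicePrincipal"]


def find_suspicious(records, privileged_sps):
    """Return findings for owner changes and credential adds on SPs.

    Severity: 'low' for a non-privileged SP, 'medium' for a privileged SP,
    'high' when a credential add follows an owner change by the same actor
    on the same SP within CHAIN_WINDOW (the sequence in the disclosure).
    """
    findings = []
    owner_changes = {}  # (actor, sp) -> time of the ownership change
    for rec in sorted(records, key=lambda r: _parse(r["activityDateTime"])):
        activity = rec["activityDisplayName"]
        if activity not in (OWNER_CHANGE, CRED_ADD):
            continue
        actor = _actor(rec)
        when = _parse(rec["activityDateTime"])
        for sp in _sp_targets(rec):
            severity = "medium" if sp in privileged_sps else "low"
            reason = activity
            if activity == OWNER_CHANGE:
                owner_changes[(actor, sp)] = when
            else:
                seen = owner_changes.get((actor, sp))
                if seen is not None and when - seen <= CHAIN_WINDOW:
                    severity = "high" if sp in privileged_sps else "medium"
                    reason = "credential added shortly after ownership change"
            findings.append({
                "time": rec["activityDateTime"], "actor": actor,
                "service_principal": sp, "activity": activity,
                "severity": severity, "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_AUDIT, PRIVILEGED_SPS):
        print(f"{f['severity']:6} {f['time']} {f['actor']} -> "
              f"{f['service_principal']}: {f['reason']}")
```

To run this against real data, replace `SAMPLE_AUDIT` with the `value` array from a Graph `/auditLogs/directoryAudits` query filtered to the remediation window, and populate `PRIVILEGED_SPS` from your own inventory of Service Principals with directory-level permissions.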

Source https://hackread.com/microsoft-entra-agent-id-flaw-tenant-takeover/