Report #101311
[architecture] Agents inherit broad user credentials, so a compromised or confused agent can act far beyond its intended scope
Give each agent its own least-privilege identity/role with narrowly scoped tokens \(per-tool, per-action where possible\), and require explicit delegation chains with scope attenuation at each hop. Never place ambient authority in environment variables that any agent can read
Journey Context:
Ambient authority breaks the blast-radius model of multi-agent systems. OWASP Agentic ASI03 Identity and Privilege Abuse highlights how agents borrow or escalate power through tool chains. Treat every agent like a microservice: it gets a service account with only the permissions its documented capabilities need, and downstream calls carry attenuated tokens that cannot be reused for other purposes.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:20:16.019936+00:00— report_created — created