Microsoft Patches Entra ID AI Agent Role That Enabled Service Principal Takeover

Silverfort researchers found that the “Agent ID Administrator” built-in role in Microsoft Entra ID — introduced to manage AI agent identity lifecycle — could be abused to escalate privileges and take over service principals. The role grants full create, update, and delete control over agent identities, which can then be leveraged to impersonate or hijack service principals with existing resource access.

Microsoft has patched the flaw. Organizations using Microsoft’s AI agent platform should audit current holders of the Agent ID Administrator role and scope it to least-privilege principals only. IAM reviews should now extend to AI agent identity roles alongside traditional privileged accounts such as Global Administrator and Privileged Role Administrator. This is a recurring pattern: new AI-adjacent roles introduced rapidly often carry over-broad permissions that aren’t caught in standard access reviews.