Security experts have highlighted new concerns regarding AI agents in enterprise platforms, revealing their potential to undermine organizational security. These agents, designed to assist with tasks by acting on behalf of users, can inadvertently introduce significant risks within an organization’s identity management systems.
Unmasking Hidden Threats in Assistive Agents
Recent investigations have shown how Microsoft Entra logs reveal unusual activity attributed to assistive, or interactive, agents. These agents function using delegated permissions, which lets them perform tasks with the user’s credentials rather than their own and puts that access at risk if the agent is compromised.
Assistive agents are intended to streamline user tasks, such as managing emails or calendars, through an intuitive chat interface. However, when exploited, these agents can execute harmful operations under the guise of legitimate user activity.
Researchers Identify Exploitation Tactics
A report by Red Canary highlights a scenario where an AI agent executed unauthorized actions within a Microsoft 365 environment. The investigation detailed how a rogue agent managed to send an email impersonating a legitimate user, evading typical identity monitoring measures.
The report emphasizes the On-Behalf-Of flow, a process where a user consents to an agent using their privileges. Once granted, the agent can interact with Microsoft services like Exchange and the Graph API, posing as the user.
Further log analysis revealed that an agent, identified as Agent001, orchestrated the deceptive email operation using the Microsoft Graph API, implicating a legitimate user account.
Strategies for Identifying and Mitigating Risks
Comprehensive log correlation is crucial for detecting these covert agent activities. Security teams must analyze Purview Exchange, Graph Activity, and sign-in logs collectively to construct a detailed overview of agent actions.
For early detection, security professionals should monitor specific indicators, such as the addition of delegated permissions in audit logs, which signal when a user authorizes agent access.
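The correlation described above can be sketched in code. This is an added example, not taken from the Red Canary report or from Microsoft: the records are constructed, and the field names (`time`, `op`, `user`, `app`, `token`, `uri`) are simplified stand-ins that must be mapped to the columns in your own Entra audit, sign-in, Graph Activity and Purview Exchange exports.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are simplified stand-ins, not the
# real export schemas; map them to the columns in your own log sources.
AUDIT = [{"time": "2025-01-10T09:00:00", "op": "Add delegated permission grant",
          "user": "alice@example.test", "app": "Agent001", "scope": "Mail.Send"}]
SIGNINS = [
    {"time": "2025-01-10T09:05:00", "user": "alice@example.test", "app": "Agent001", "token": "tok-1"},
    {"time": "2025-01-10T09:06:00", "user": "alice@example.test", "app": "Outlook", "token": "tok-2"},
]
GRAPH = [
    {"time": "2025-01-10T09:05:10", "token": "tok-1", "method": "POST", "uri": "/v1.0/me/sendMail"},
    {"time": "2025-01-10T09:06:05", "token": "tok-2", "method": "GET", "uri": "/v1.0/me/messages"},
]
EXCHANGE = [
    {"time": "2025-01-10T09:05:11", "user": "alice@example.test", "op": "Send", "subject": "Invoice"},
    {"time": "2025-01-10T11:30:00", "user": "alice@example.test", "op": "Send", "subject": "Lunch"},
]

def ts(rec):
    return datetime.fromisoformat(rec["time"])

def correlate(audit, signins, graph, exchange, window=timedelta(seconds=30)):
    """Return mailbox sends traceable to an app holding a delegated grant."""
    findings = []
    for g in (a for a in audit if a["op"] == "Add delegated permission grant"):
        # Sign-ins where the granted app acted for the consenting user, after consent.
        for s in signins:
            if (s["user"], s["app"]) != (g["user"], g["app"]) or ts(s) < ts(g):
                continue
            # Graph write calls made with the token issued by that sign-in.
            for call in graph:
                if call["token"] != s["token"] or call["method"] != "POST":
                    continue
                # Exchange sends by the same user shortly after the Graph call.
                for e in exchange:
                    delta = ts(e) - ts(call)
                    if e["user"] == g["user"] and e["op"] == "Send" and timedelta(0) <= delta <= window:
                        findings.append({"user": g["user"], "app": g["app"], "granted": g["time"],
                                         "graph_uri": call["uri"], "sent": e["time"],
                                         "subject": e["subject"]})
    return findings

if __name__ == "__main__":
    for finding in correlate(AUDIT, SIGNINS, GRAPH, EXCHANGE):
        print(finding)
```

Only the send that follows the agent's Graph call is attributed to the agent; the later send by the same user with no matching agent token is left alone, which is the distinction the Exchange record by itself cannot make.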
Understanding the patterns and behaviors associated with agentic flows is essential for defenders aiming to prevent unauthorized agent activities before they escalate into significant security breaches.
Ultimately, maintaining robust log analysis procedures and understanding the intricacies of delegated access flows are vital for organizations to protect themselves against the potential threats posed by assistive agents.
