Delegation Abuse

Abuse agent delegation mechanisms to escalate privileges through trusted agent chains

Tactic

Privilege Escalation (Stage 4)

Escalate capabilities beyond declared scope or bypass authorization

Attack Class

AGENT-IMPERSONATE

Impersonating trusted agents or administrative roles to gain unauthorized access

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

delegation-privilege-escalation

Honeypot Coverage (AgentPwn)

Livea2a-attackagentpwn.com/attacks/a2a-attack

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live4 live · 0 queued

AUTH-001AUTH-002AUTH-003AUTH-004

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live5 live · 0 queued

OASB 2.1 OASB 2.2 OASB 2.3 OASB 2.4 OASB 2.5

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-4004 (Delegation Abuse). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-4004

← Back to Matrix