securityaffairs.com 4/28/2026, 12:10:59 PM

Microsoft fixes Entra ID flaw enabling service principal hijack

Primary source: silverfort.com

Microsoft has fixed a flaw in Microsoft Entra ID that could let attackers hijack service accounts through the Agent ID Administrator role, the role that manages AI agent identities and their access. Researchers found that an account holding only this role could take over arbitrary service principals: add itself as owner, inject credentials, and then authenticate as that principal. In effect this allowed full service principal takeover and privilege escalation.

According to Silverfort's report, this scope gap meant that even non-agent service principals could be affected; the issue stemmed from a mismatch between agent-related identities and standard identities. Microsoft introduced Agent ID to manage agent identities, and the fix blocks the takeover path by restricting the role's reach to agent-related objects.

The company confirmed the fix has been fully rolled out, with a timeline noting vulnerability identification on 24 February 2026 and the final fix reaching pre-release and full rollout stages by April 9 and April 4, 2026 respectively. SecurityAffairs highlights that as adoption of the Agent ID Administrator role grows, organisations should monitor privileged service principals and credential changes as part of identity control audits, and that the incident underscores the risk of gaps in new identity models. According to Silverfort, its proof-of-concept video demonstrated the takeover path used to access a privileged service principal.
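The monitoring advice above can be turned into a simple detection over Entra audit events: flag cases where one actor adds an owner to a service principal and then adds credentials to the same principal shortly afterwards, when that principal is not an agent-related object. The following is an added example written for this page, not code from SecurityAffairs, Silverfort or Microsoft. The event records are constructed and only loosely mirror the shape of Microsoft Graph `directoryAudit` entries; the operation names, the field names and the set of agent-related service principal IDs are assumptions that would need to be matched against a real tenant's logs.

```python
"""Added example (not from the article or Silverfort): flag the owner-add followed
by credential-add sequence against non-agent service principals in Entra audit
events. Event shape and sample data are constructed for illustration only."""
from datetime import datetime, timedelta

# Operation names to watch. Assumption: these match the activityDisplayName
# values your tenant emits; adjust if they differ.
OWNER_ADD = "Add owner to service principal"
CRED_ADD = "Add service principal credentials"

# Assumption: the tenant can enumerate which service principals are agent
# identities (the objects the Agent ID Administrator role is meant to manage).
# Constructed set of IDs for this example.
AGENT_SERVICE_PRINCIPALS = {"sp-agent-001"}

# How close together the two operations must be to count as one sequence.
WINDOW = timedelta(hours=1)


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_takeover_sequences(events, window=WINDOW):
    """Return findings for each (actor, target) pair where the actor added an
    owner to a non-agent service principal and then added credentials to it
    within `window`. Events may arrive in any order; they are sorted by time."""
    first_owner_add = {}  # (actor, target) -> timestamp of earliest owner add
    findings = []
    for ev in sorted(events, key=lambda e: parse_ts(e["activityDateTime"])):
        actor = ev["initiatedBy"]
        target = ev["targetResource"]
        ts = parse_ts(ev["activityDateTime"])
        op = ev["activityDisplayName"]
        if op == OWNER_ADD:
            first_owner_add.setdefault((actor, target), ts)
        elif op == CRED_ADD:
            start = first_owner_add.get((actor, target))
            in_window = start is not None and ts - start <= window
            if in_window and target not in AGENT_SERVICE_PRINCIPALS:
                findings.append({
                    "actor": actor,
                    "target": target,
                    "owner_added_at": start.isoformat(),
                    "credential_added_at": ts.isoformat(),
                })
    return findings


# Constructed sample audit events (not real tenant data).
SAMPLE_EVENTS = [
    # Actor adds an owner to a non-agent service principal, then adds
    # credentials five minutes later: this is the sequence to flag.
    {"activityDateTime": "2026-03-01T10:00:00Z", "initiatedBy": "agentadmin@contoso.example",
     "activityDisplayName": OWNER_ADD, "targetResource": "sp-billing-automation"},
    {"activityDateTime": "2026-03-01T10:05:00Z", "initiatedBy": "agentadmin@contoso.example",
     "activityDisplayName": CRED_ADD, "targetResource": "sp-billing-automation"},
    # Same sequence against an agent service principal: in scope for the
    # role, so not flagged by this rule.
    {"activityDateTime": "2026-03-01T11:00:00Z", "initiatedBy": "agentadmin@contoso.example",
     "activityDisplayName": OWNER_ADD, "targetResource": "sp-agent-001"},
    {"activityDateTime": "2026-03-01T11:02:00Z", "initiatedBy": "agentadmin@contoso.example",
     "activityDisplayName": CRED_ADD, "targetResource": "sp-agent-001"},
    # Credential add without a preceding owner add: not this rule's pattern.
    {"activityDateTime": "2026-03-01T12:00:00Z", "initiatedBy": "svc-rotation@contoso.example",
     "activityDisplayName": CRED_ADD, "targetResource": "sp-legacy-app"},
]


def run_sample():
    """Run the rule over the constructed events and return the findings."""
    return find_takeover_sequences(SAMPLE_EVENTS)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The rule deliberately keys on the actor-plus-target pair rather than on the actor's role, because Entra audit records do not carry the initiator's role assignments; in practice you would join the `actor` against directory role membership to prioritise hits from Agent ID Administrator holders. The standalone credential add on `sp-legacy-app` is not flagged here, but credential additions to privileged service principals are worth reviewing on their own as the article's monitoring advice suggests.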


Article by CyberSIXT