Entra Agent ID Flaw Lets Attackers Seize Privileged Service Principals
A critical flaw in Microsoft Entra’s Agent Identity Platform allowed users with the Agent ID Administrator role to take ownership of any service principal, generate new credentials, and impersonate high-privilege apps, enabling tenant-wide compromise; Microsoft patched the issue across cloud environments by April 2026. Security teams should identify and secure privileged service principals, using Azure CLI and the Microsoft Graph API to audit configurations and prevent abuse.