Authorization bypass and tool-chain privilege escalation
CCC.MARefArc.TH27
Agents discover and invoke API endpoints outside their intended use case, chain individually authorized calls into an unauthorized outcome, circumvent segregation-of-duties workflows, or accumulate permissions during operation (permission creep), defeating the intended authorization boundaries.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP19 | MCP-interaction zero-trust guardrails | Enforces authentication and authorization for every MCP request and governs which agents may use which tools, applying rate limits and validating tool-call parameters. |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | A secure, sandboxed environment in which all agentic reasoning and execution occurs. It manages task state for pause, resume and handoff, and intercepts and validates tool calls, with credentials handled securely within the sandbox. |
| CCC.MARefArc.CP08 | Built-in trusted tools | A collection of bundled, trusted tools providing fundamental capabilities: the MCP client bridge to the external MCP layer, a sandboxed shell, workspace I/O, and web search. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN11 | Agent Authority Least Privilege Framework | Constrain each agent's authority to the minimum set of tools, APIs, and data required for its task, enforced by the runtime and MCP guardrails, and prevent permission creep during operation. |
| CCC.MARefArc.CN12 | Tool Chain Validation and Sanitization | Validate tool selection, sanitize tool-call parameters, and constrain tool sequencing within the runtime and MCP guardrails to prevent manipulation of agent tool use. |
| CCC.MARefArc.CN14 | Multi-Agent Isolation and Segmentation | Isolate agents and their memory and state so that compromise or failure of one agent cannot propagate to others, and enforce segmentation of agent-to-agent communication. |
| CCC.MARefArc.CN15 | Agentic System Credential Protection Framework | Prevent agents from discovering, extracting, or misusing credentials by brokering secrets outside agent-accessible surfaces and constraining tool access to credential stores. |
| CCC.MARefArc.CN23 | Agent Decision Audit and Explainability | Record an auditable trace of agent decisions, including tool selections, inputs, and rationale, sufficient to explain and review autonomous actions after the fact. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-024-01 | |
| air-vec | AIR-SEC-024-02 | |
| air-vec | AIR-SEC-024-03 | |
| air-vec | AIR-SEC-024-04 | |