Agent Privilege Lab
Welcome to the Agent Privilege Lab. Our mission is to help visitors explore how privilege weaknesses and controls affect the level of risk their agents pose to their organizations.
Drawing on frameworks including OWASP and MITRE, we have compiled a wide range of risky scenarios and explain step by step how your agents can mistakenly or maliciously cause significant damage to your environments.
Play around with each of the scenarios below and use the Simulator to adjust the privilege levels and see how your cloud, DB, and other resources stand up under different agent risk postures.
Agent fabricates data or blindly trusts unverified inputs, presenting fiction as fact.
Malicious content in data sources hijacks the agent's reasoning and actions.
Agent performs actions beyond what was requested — destructive operations, unauthorized access, or over-fetching data.
Agent leaks sensitive data — credentials, secrets, or private information — through unsafe queries or outputs.
Errors compound as the agent continues acting on incorrect assumptions without human checkpoints.
Compromised tools or plugins inject malicious behavior into the agent's workflow.
Attackers extract the agent's configuration, credentials, or internal knowledge to enable targeted attacks.
Agent drifts from its intended purpose, progressively escalating actions beyond user intent.