THREAT

Privilege Escalation

agent scope creep · unauthorized access elevation · permission boundary violation

Privilege escalation in agentic AI is the acquisition — through injection or emergent reasoning — of capabilities or data access beyond what the agent's principal chain explicitly authorized.

ADVERSARIAL MECHANICS

Three escalation patterns dominate: (1) Authority Impersonation; (2) Scope Creep via Chaining; (3) Reasoning Exploitation — the model is guided through a logical chain concluding that elevated access is necessary and permitted.

PROTOCOL CONTEXT (VEX — AUTHORITY PILLAR)

VEX's Authority pillar maintains a cryptographically signed scope manifest for each session. This manifest is immutable for the session duration — no in-session reasoning or injected instruction can alter it.

ProvnAI Mitigation

The privilege.yaml ruleset operates as a semantic firewall on top of the VEX authority manifest. It detects authority-impersonation patterns and blocks scope-expanding tool chains not explicitly authorized.
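The session-bound, signed scope manifest described under the VEX Authority pillar and the tool-chain gate described for privilege.yaml can be illustrated with a single check in code. The following is an added example, not ProvnAI's or VEX's own implementation: it assumes a hypothetical manifest layout (session_id plus a tool-to-scopes map), an HMAC signature with a constructed per-session key, and a gate function that every tool call passes through. It shows that a request outside the manifest is refused, and that an attempt to "reason" or inject a wider scope into the manifest body is refused because the signature no longer verifies.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would issue a fresh key per session
# from the control plane and never expose it to the model or its tools.
SESSION_KEY = b"constructed-demo-session-key"


def _canonical(body: dict) -> bytes:
    # Canonical JSON so the signature does not depend on key order or whitespace.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(body: dict, key: bytes = SESSION_KEY) -> dict:
    return {"body": body, "sig": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_manifest(signed: dict, key: bytes = SESSION_KEY) -> bool:
    expected = hmac.new(key, _canonical(signed["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def authorize_call(signed: dict, session_id: str, tool: str, scope: str) -> tuple[bool, str]:
    """Gate one tool call against the signed manifest; returns (allowed, reason)."""
    if not verify_manifest(signed):
        return False, "manifest signature invalid (tampered or wrong session key)"
    body = signed["body"]
    if body["session_id"] != session_id:
        return False, "manifest is bound to a different session"
    allowed = body["tools"].get(tool)
    if allowed is None:
        return False, f"tool {tool!r} is not in the manifest"
    if scope not in allowed:
        return False, f"scope {scope!r} exceeds authorized scopes {sorted(allowed)}"
    return True, "authorized"


# Constructed manifest: this session may only read the docs tree.
SIGNED = sign_manifest({"session_id": "sess-42", "tools": {"read_file": ["repo:docs"]}})

# Constructed tampering attempt: an injected instruction widens the scope list in place.
TAMPERED = json.loads(json.dumps(SIGNED))
TAMPERED["body"]["tools"]["read_file"].append("repo:secrets")

if __name__ == "__main__":
    for sess, tool, scope, doc in [
        (SIGNED, "read_file", "repo:docs", "in-scope read"),
        (SIGNED, "read_file", "repo:secrets", "scope creep"),
        (SIGNED, "shell", "any", "unlisted tool"),
        (TAMPERED, "read_file", "repo:secrets", "tampered manifest"),
    ]:
        print(f"{doc:18} -> {authorize_call(sess, 'sess-42', tool, scope)}")
```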