THREATOPS
THREAT OPSThreat News › Entra Agent ID: Inside a cross-tenant agent compromise

Entra Agent ID: Inside a cross-tenant agent compromise

lowdatadog_seclabsPublished 2026-06-18

Continuing our Agent ID series, this post demonstrates how a privileged agent could be compromised through its third-party blueprint. This leads to a cross-tenant incident similar to Midnight Blizzard, since an attacker with control over an agent blueprint can authenticate as any agent associated with that blueprint.

Attributed threat actors

Original source: https://securitylabs.datadoghq.com/articles/agent-id-inside-agent-compromise/