Skip to content

Hide Navigation Hide TOC

Agent Scope Creep Detection - ATR-2026-00041 (7325cf0c-5b8a-5374-8718-cfc504ede06a)

Detects when an agent gradually expands its authority, access, or operational boundaries beyond its initial assignment. Unlike sudden privilege escalation, scope creep is a gradual process where an agent incrementally acquires more capabilities or extends its decision-making authority. This rule uses regex-only detection to identify language patterns associated with unsolicited scope expansion, progressive permission requests, and self-initiated authority broadening.

Cluster A Galaxy A Cluster B Galaxy B Level
AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) MITRE ATLAS Attack Pattern Agent Scope Creep Detection - ATR-2026-00041 (7325cf0c-5b8a-5374-8718-cfc504ede06a) Agent Threat Rules 1
ML-Enabled Product or Service (b5626410-b33d-4487-9c0f-2b7d844b8e95) MITRE ATLAS Attack Pattern Agent Scope Creep Detection - ATR-2026-00041 (7325cf0c-5b8a-5374-8718-cfc504ede06a) Agent Threat Rules 1