
HARDENED
Cybersecurity Intelligence
Daily Briefing  ·  Wednesday, April 29, 2026  ·  hardened.news
The signal. Not the noise. For teams that defend.
Lead Story
High — AI Identity Privilege Escalation · Patched April 9 · Enterprise · IT Ops · Cloud+DevOps
Microsoft’s AI Agent Role Could Own Any Service Principal in Your Entra Tenant — Verify the April 9 Fix Applied
The Agent ID Administrator role was designed to manage AI agents only. Researchers found it could take ownership of any service principal in the tenant and inject credentials into it — including principals with privileged directory roles.

Silverfort privately disclosed a scope overreach in Microsoft Entra ID’s Agent ID Administrator role to Microsoft on March 1, 2026; the public blog post detailing the findings was published April 23. The role — designed to manage AI agent objects only — could be used to take ownership of any service principal in the tenant and add credentials to it. An attacker holding or gaining the Agent ID Administrator role could then authenticate as any targeted service principal, including those with elevated Graph API permissions or privileged directory roles, effectively controlling the tenant. Microsoft patched the issue across all cloud environments on April 9.

The blast radius follows AI agent deployment scale. Silverfort found that more than half of Entra tenants use agent identities averaging around 100 per tenant, and 99 per cent of tenants contain at least one privileged service principal reachable via this path. The remediation is deployed — but the action now is confirming the April 9 update is reflected in your tenant and auditing who currently holds the Agent ID Administrator role. This is Monday’s NHI governance problem in a specific Microsoft product: a role scoped for agents that carried far more reach than its purpose required.

→ Key Takeaway
Verify the April 9, 2026 Entra ID update is active in your tenant — the Agent ID Administrator role should now be restricted to agent-related objects only. Audit every account currently holding that role and remove assignments that are not operationally necessary. Any organization that deployed AI agents in Entra ID after February 2026 should treat this as a standing NHI privilege review trigger.
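An added example, not from the briefing or from Microsoft or Silverfort: one way to run the audit described above over an exported inventory of role assignments and service principals. The record shape, the `isAgent` and `privileged` flags, all IDs and the review-window date are constructed assumptions.

```python
from datetime import datetime, timezone

ROLE = "Agent ID Administrator"
# Assumed start of the review window; pick your own (not a vendor-supplied date).
SINCE = datetime(2026, 2, 1, tzinfo=timezone.utc)

# Constructed sample export, not real tenant data. "isAgent" and "privileged"
# are hypothetical flags that your own inventory would have to supply.
ROLE_ASSIGNMENTS = [
    {"roleName": ROLE, "principalId": "user-ops-1"},
    {"roleName": ROLE, "principalId": "user-dev-7"},
    {"roleName": "Application Administrator", "principalId": "user-iam-2"},
]
SERVICE_PRINCIPALS = [
    {"id": "sp-agent-01", "isAgent": True, "privileged": False, "owners": ["user-ops-1"],
     "credentials": [{"keyId": "k1", "startDateTime": "2026-03-20T10:00:00Z"}]},
    {"id": "sp-backup", "isAgent": False, "privileged": True,
     "owners": ["user-dev-7", "user-iam-2"],
     "credentials": [{"keyId": "k2", "startDateTime": "2025-11-02T08:00:00Z"},
                     {"keyId": "k3", "startDateTime": "2026-03-28T23:14:00Z"}]},
    {"id": "sp-hr-sync", "isAgent": False, "privileged": False, "owners": ["user-iam-2"],
     "credentials": [{"keyId": "k4", "startDateTime": "2026-03-05T09:00:00Z"}]},
    {"id": "sp-app-report", "isAgent": False, "privileged": False, "owners": ["user-ops-1"],
     "credentials": [{"keyId": "k5", "startDateTime": "2025-06-01T12:00:00Z"}]},
]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def role_holders(assignments, role=ROLE):
    """Principals that currently hold the role under audit."""
    return {a["principalId"] for a in assignments if a["roleName"] == role}

def audit(service_principals, holders, since=SINCE):
    """Flag non-agent service principals owned by a holder of the role."""
    findings = []
    for sp in service_principals:
        owners = sorted(holders.intersection(sp["owners"]))
        if sp["isAgent"] or not owners:
            continue  # agent objects are the role's intended scope
        recent = [c["keyId"] for c in sp["credentials"]
                  if parse_ts(c["startDateTime"]) >= since]
        findings.append({"id": sp["id"], "privileged": sp["privileged"],
                         "roleHolderOwners": owners, "recentCredentials": recent})
    # Privileged principals first: they are the escalation path described above.
    return sorted(findings, key=lambda f: (not f["privileged"], f["id"]))

if __name__ == "__main__":
    for f in audit(SERVICE_PRINCIPALS, role_holders(ROLE_ASSIGNMENTS)):
        print(f)
```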

HARDENED does not endorse or recommend specific vendors. Tools are listed for awareness only.

Quick Hits
01
Anthropic Investigating Unauthorized Access to Mythos Preview — Discord Group Has Had Continuous Access Since April 7

Anthropic is investigating unauthorized access to Claude Mythos Preview, after a Discord group used Anthropic’s internal model URL naming conventions — reportedly exposed in the April 2 Mercor breach — combined with a contractor group member’s knowledge to locate and access the model on its April 7 announcement day. Anthropic confirmed the investigation and said no evidence indicates the access affected its own systems, though the group has had continuous access since. Mythos is the model Anthropic described as capable of discovering and chaining zero-day exploits across major operating systems — the access governance question is the story, not the access itself. TechCrunch →

Intel — AI Security · Enterprise · Cloud+DevOps
CVE Watch
CVE-2024-57726 — SimpleHelp RMM: CVSS 9.9 Privilege Escalation Confirmed as DragonForce Ransomware Precursor

CISA added CVE-2024-57726 to the KEV catalog on April 24, confirming DragonForce ransomware operators are using SimpleHelp flaws as a ransomware staging vector. A low-privileged technician account can create API keys with permissions exceeding their own role, then use those keys to escalate to server administrator — in environments where SimpleHelp manages hundreds of endpoints, this translates to full infrastructure access from a single compromised technician credential. Chain with CVE-2024-57728 (CVSS 7.2, path traversal allowing arbitrary file upload) for code execution on the SimpleHelp server. Patch to version 5.5.8 or later immediately; if SimpleHelp is not in active use, take it offline.

Vendor: SimpleHelp  ·  CVE: CVE-2024-57726 + CVE-2024-57728  ·  CVSS: 9.9 / 7.2  ·  Affected: SimpleHelp < 5.5.8  ·  Fix: Upgrade to 5.5.8+  ·  Exploitation: Active — CISA KEV April 24, DragonForce ransomware confirmed
Compliance Tip of the Day
NIST CSF 2.0 — PR.PS-01 — Protect: Platform Security — Configuration Management
Scope Your Roles to What They Actually Need — Then Verify

The Entra ID Agent ID Administrator flaw existed because a role’s permission boundary was not enforced to match its stated purpose — a configuration baseline failure, not a code vulnerability. NIST PR.PS-01 requires that configuration management practices are established and applied, which includes verifying that identity roles are scoped to exactly the objects they are documented to manage. Concrete action (PR.PS-01): Document the intended scope of every Entra ID role that touches service principals or agent identities, then verify actual permissions match that scope. Treat any role whose effective reach exceeds its stated purpose as a misconfiguration — not a feature. nist.gov/cyberframework →


This newsletter does not constitute professional security advice. Security configurations and threat landscapes vary by organization. Consult a qualified security professional for implementation guidance specific to your environment.

How we work: HARDENED uses AI agents for research, drafting, and automation. Every issue is reviewed by humans before publication. If you spot an error, reply directly — we correct the record promptly.

Sources: The Hacker News (“Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover”), thehackernews.com · Silverfort (“Agent ID Administrator scope overreach: Service Principal takeover in Entra ID”), silverfort.com · CSO Online (“Microsoft patched an agent-only role that was not”), csoonline.com · TechCrunch (“Unauthorized group has gained access to Anthropic’s exclusive cyber tool Mythos”, April 21, 2026), techcrunch.com · Engadget (“Anthropic is investigating unauthorized access of its Mythos cybersecurity tool”), engadget.com · Fortune (“Mercor, a $10 billion AI startup, confirms it was the victim of a major cybersecurity breach”, April 2, 2026), fortune.com · The Hacker News (“CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline”), thehackernews.com · CISA KEV Catalog (CVE-2024-57726, CVE-2024-57728, added April 24, 2026), cisa.gov · CyberSecurityNews (“CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attacks”), cybersecuritynews.com · NIST CSF 2.0 (PR.PS-01), nist.gov/cyberframework
