Microsoft’s AI Agent Role Had a Scoping Bug

Microsoft’s Entra Agent Identity Platform had a scoping bug in its Agent ID Administrator role, allowing users with this role to take over any service principal in a tenant, not just AI agent identities. Microsoft has patched the vulnerability, and no user action is required, but an audit of Entra logs for specific activities before April 9 is recommended.