# *AI Agent with Weak Authentication or Access Control*

## Query Information

#### MITRE ATT&CK Technique(s)

| Technique ID | Title    | Link    |
| ---  | --- | --- |
|  |  |  |

#### Description

This rule detects AI Agents configured with a weak user authentication type ("None" or "Anonymous") or with an overly permissive access control policy (an access control policy of "allowedForAll", or an "unrestricted" entry in the agent's access capabilities). An agent that does not require its users to sign in, or that is reachable by everyone, can be driven by anyone who reaches it, which exposes the agent, and the data sources and actions it is connected to, to unauthorized use or manipulation.

#### Author
- **Name: Benjamin Zulliger**
- **Github: https://github.com/benscha/KQLAdvancedHunting**
- **LinkedIn: https://www.linkedin.com/in/benjamin-zulliger/**


## Defender XDR
```KQL
AIAgentsInfo
// Agent inventory records from the last 7 days
| where TimeGenerated >= ago(7d)
// RawAgentInfo carries the underlying bot record as JSON
| extend RawInfo = parse_json(RawAgentInfo)
// authenticationtrigger: when the agent asks the user to sign in (extracted for tuning, not filtered on)
| extend AuthTrigger = toint(RawInfo.Bot.Attributes.authenticationtrigger.Value)
// Dataverse statecode 0 = Active; append "| where IsStateActive" to drop inactive agents
| extend IsStateActive = toint(RawInfo.Bot.Attributes.statecode.Value) == 0
// Weak configuration: no or anonymous user authentication, an open access policy,
// or an "unrestricted" access capability (any one condition is enough)
| where UserAuthenticationType in~ ("None", "Anonymous") 
    or AccessControlPolicy =~ "allowedForAll"
    or AccessCapabilities has "unrestricted"
| project TimeGenerated, 
          AIAgentId, 
          AIAgentName, 
          LastModifiedByUpn, 
          UserAuthenticationType, 
          AccessControlPolicy, 
          AccessCapabilities, 
          AgentStatus
// Map the last editor of the agent to an entity for the analytics rule
| extend HostCustomEntity = LastModifiedByUpn
```

## Explanation

This query identifies AI Agents with weak security settings, specifically around user authentication and access control. A breakdown:

1. Data source: the query reads from the `AIAgentsInfo` table, which holds inventory records for AI agents.

2. Time frame: it examines records from the past 7 days. `TimeGenerated` is the Log Analytics column name used when the table is queried from Microsoft Sentinel; native Defender XDR Advanced Hunting tables call the same column `Timestamp`. If the query fails on an unknown column, use the other name.

3. Context extraction: `RawAgentInfo` is parsed as JSON and two values are pulled from the underlying bot record: `AuthTrigger` (the `authenticationtrigger` attribute, i.e. when the agent asks the user to sign in) and `IsStateActive` (true when the Dataverse `statecode` is 0, meaning the agent is active). Neither is used in the filter or the output as written; they are there for tuning, for example appending `| where IsStateActive` to drop inactive agents.

4. Security checks (a record matches if any one of them is true):

   - `UserAuthenticationType` is "None" or "Anonymous" (compared case-insensitively with `in~`), meaning users do not have to sign in before using the agent.
   - `AccessControlPolicy` equals "allowedForAll" (case-insensitive `=~`), meaning the agent is reachable by everyone rather than by a defined set of users or groups.
   - `AccessCapabilities` contains the term "unrestricted" (`has`), meaning no limitation is applied to what the agent may be used for or by whom.

5. Output: the query returns one row per matching agent with the following columns:

   - When the record was generated (`TimeGenerated`).
   - The unique identifier of the AI Agent (`AIAgentId`).
   - The name of the AI Agent (`AIAgentName`).
   - The user who last modified the agent (`LastModifiedByUpn`).
   - The user authentication type (`UserAuthenticationType`).
   - The access control policy (`AccessControlPolicy`).
   - The access capabilities (`AccessCapabilities`).
   - The current status of the agent (`AgentStatus`).

6. Entity mapping: `HostCustomEntity` is set to `LastModifiedByUpn`, following the Microsoft Sentinel custom entity naming convention, so the last editor of the agent is surfaced as an entity on the alert.

Overall, this query helps identify AI Agents that may be open to unauthorized access because of weak authentication or access control settings. Expect matches on agents that are intentionally public (for example an anonymous FAQ bot); confirm with the owner in `LastModifiedByUpn` before treating a match as a finding, and exclude accepted exceptions by `AIAgentId`.
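To check the filter logic without access to a tenant, the same predicate can be run against a constructed `datatable` that mimics `AIAgentsInfo`. This is an added example and not part of the original query page; the sample rows, agent names and UPNs are constructed, and the non-weak values "Integrated" and "Group" are assumed placeholders for a hardened configuration (the page only confirms the weak values it matches on). The 7-day window is dropped because the sample rows carry fixed timestamps, and a `WeakReason` column is added to show which condition fired.

```kql
// Added example: constructed AIAgentsInfo rows (not real tenant data) for testing the detection.
// Column names follow the detection query; values other than the weak ones it matches on are assumed.
let SampleAIAgentsInfo = datatable(
    TimeGenerated: datetime,
    AIAgentId: string,
    AIAgentName: string,
    LastModifiedByUpn: string,
    UserAuthenticationType: string,
    AccessControlPolicy: string,
    AccessCapabilities: string,
    AgentStatus: string,
    RawAgentInfo: string
)[
    // no user authentication, active agent
    datetime(2026-06-01T09:00:00Z), "agent-001", "HR Helpdesk Bot", "alice@contoso.example",
        "None", "Group", "restricted", "Published",
        '{"Bot":{"Attributes":{"authenticationtrigger":{"Value":0},"statecode":{"Value":0}}}}',
    // users must sign in, but the access policy opens the agent to everyone
    datetime(2026-06-01T09:05:00Z), "agent-002", "Travel Assistant", "bob@contoso.example",
        "Integrated", "allowedForAll", "restricted", "Published",
        '{"Bot":{"Attributes":{"authenticationtrigger":{"Value":1},"statecode":{"Value":0}}}}',
    // unrestricted access capability
    datetime(2026-06-01T09:10:00Z), "agent-003", "Finance Copilot", "carol@contoso.example",
        "Integrated", "Group", "unrestricted", "Published",
        '{"Bot":{"Attributes":{"authenticationtrigger":{"Value":1},"statecode":{"Value":0}}}}',
    // anonymous, but the bot record is inactive (statecode 1); lower-case value tests in~
    datetime(2026-06-01T09:15:00Z), "agent-004", "Old Demo Bot", "dave@contoso.example",
        "anonymous", "Group", "restricted", "Unpublished",
        '{"Bot":{"Attributes":{"authenticationtrigger":{"Value":0},"statecode":{"Value":1}}}}',
    // hardened configuration: sign-in required, scoped policy, restricted capabilities
    datetime(2026-06-01T09:20:00Z), "agent-005", "IT Support Bot", "erin@contoso.example",
        "Integrated", "Group", "restricted", "Published",
        '{"Bot":{"Attributes":{"authenticationtrigger":{"Value":2},"statecode":{"Value":0}}}}'
];
SampleAIAgentsInfo
| extend RawInfo = parse_json(RawAgentInfo)
| extend AuthTrigger = toint(RawInfo.Bot.Attributes.authenticationtrigger.Value)
| extend IsStateActive = toint(RawInfo.Bot.Attributes.statecode.Value) == 0
| where UserAuthenticationType in~ ("None", "Anonymous")
    or AccessControlPolicy =~ "allowedForAll"
    or AccessCapabilities has "unrestricted"
// Optional tuning: uncomment to keep only active agents
// | where IsStateActive
// Record which condition matched, in the same order as the where clause
| extend WeakReason = case(
    UserAuthenticationType in~ ("None", "Anonymous"), "no user authentication",
    AccessControlPolicy =~ "allowedForAll", "access policy allowedForAll",
    AccessCapabilities has "unrestricted", "unrestricted access capability",
    "other")
| project TimeGenerated, AIAgentId, AIAgentName, LastModifiedByUpn,
          UserAuthenticationType, AccessControlPolicy, AccessCapabilities,
          AgentStatus, AuthTrigger, IsStateActive, WeakReason
| extend HostCustomEntity = LastModifiedByUpn
```

With these rows the query returns agent-001 through agent-004, each with a different `WeakReason`, and does not return agent-005. Enabling the `IsStateActive` filter removes agent-004, which shows the trade-off: the state filter cuts noise from retired agents but hides an anonymous agent that could be reactivated.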

## Details

- Author: Benjamin Zulliger
- Released: June 8, 2026
- Tables: AIAgentsInfo
