Taxonomy of agent threats

11 views
Skip to first unread message

Alan Karp

unread,
Jun 30, 2026, 4:06:20 PM (2 days ago) Jun 30
to <friam@googlegroups.com>
This taxonomy of agent threats is pretty interesting, but I think they go the confused deputy backwards.

--------------

Alan Karp

Mark S. Miller

unread,
Jun 30, 2026, 6:02:49 PM (2 days ago) Jun 30
to fr...@googlegroups.com
Yup, backward.
> --
> You received this message because you are subscribed to the Google Groups "friam" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/friam/CANpA1Z0iUxUzw3Vs4n5NMJ2M9BOTpJjv5QzgPiQTCF5btS6YJg%40mail.gmail.com.



--
Cheers,
--MarkM
image.png

Mike Stay

unread,
Jun 30, 2026, 6:39:27 PM (2 days ago) Jun 30
to fr...@googlegroups.com
I think it's OK but unclear. In the classic XSRF, if "someone" is the
attacker and "someone else" is the user who visits the attacker's
site, the agent is using "someone else's" permissions/privileges to
perform an action on behalf of "someone".
> To view this discussion visit https://groups.google.com/d/msgid/friam/CAK5yZYizzE-%3Dq%3DNaaqVrSwzXrMvxr%3DpZMW__sX4uvo9EJrUC5g%40mail.gmail.com.



--
Mike Stay - meta...@gmail.com
https://math.ucr.edu/~mike
https://reperiendi.wordpress.com

Kurt Thams

unread,
Jun 30, 2026, 6:46:24 PM (2 days ago) Jun 30
to fr...@googlegroups.com

If the confused deputy is backwards, is that the same as double-negation; thus makes him less confused?

kurt


https://aembit.io/wp-content/uploads/2026/06/the-taxonomy-of-agent-threats.pdf

Matt Rice

unread,
Jun 30, 2026, 8:41:03 PM (2 days ago) Jun 30
to fr...@googlegroups.com
Occasionally one does hit the pinata despite being disoriented?
> To view this discussion visit https://groups.google.com/d/msgid/friam/99d869e8-a402-403e-a7c8-46e910e2dde3%40gmail.com.

William ML Leslie

unread,
Jul 1, 2026, 7:23:57 AM (23 hours ago) Jul 1
to fr...@googlegroups.com
On Wed, 1 Jul 2026 at 06:06, Alan Karp <alan...@gmail.com> wrote:
This taxonomy of agent threats is pretty interesting, but I think they go the confused deputy backwards.

So - is it always the case that in a confused deputy, the deputy uses its own credentials to access a resource the invoker requests?  I guess it's possible it uses one invoker's credential with a different invoker's request, I guess we don't see that as frequently.

IMO: it's important to remember that "unintentionally" is also part of the definition.

--
William ML Leslie
A tool for making confused deputy vulnerabilities disappear?

Alan Karp

unread,
Jul 1, 2026, 11:11:57 AM (19 hours ago) Jul 1
to fr...@googlegroups.com
On Wed, Jul 1, 2026 at 4:23 AM William ML Leslie <william.l...@gmail.com> wrote:
On Wed, 1 Jul 2026 at 06:06, Alan Karp <alan...@gmail.com> wrote:
This taxonomy of agent threats is pretty interesting, but I think they go the confused deputy backwards.

So - is it always the case that in a confused deputy, the deputy uses its own credentials to access a resource the invoker requests?  I guess it's possible it uses one invoker's credential with a different invoker's request, I guess we don't see that as frequently.

IMO: it's important to remember that "unintentionally" is also part of the definition.
I'd argue that it's "intentionally" because the deputy has no choice but to invoke with its own permissions.

--------------
Alan Karp

William ML Leslie

unread,
Jul 1, 2026, 4:59:21 PM (13 hours ago) Jul 1
to fr...@googlegroups.com
As in, it's not a confused deputy if it intentionally uses its own permissions to access a resource named by the client.  If it was, then the KeyKOS Directory would be a confused deputy.

--
William ML Leslie
A tool for making silly arguments online when you have things to do?

Alan Karp

unread,
Jul 1, 2026, 5:13:39 PM (13 hours ago) Jul 1
to fr...@googlegroups.com
Fair enough.  Unintentionally it is.

--------------
Alan Karp


--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages