What is Privilege Escalation?


Privilege escalation is a security exploit in which an entity gains access to tools or capabilities beyond what it was initially authorised to use. Vertical escalation gains a higher level of privilege than the entity was granted, typically by exploiting a vulnerability or misconfiguration. Horizontal escalation gains the privileges of another entity at a similar level, typically by leveraging that entity's permissions.

WHY IT MATTERS

In AI agent systems, privilege escalation can be subtle. An agent might convince another agent to invoke a tool on its behalf (horizontal escalation). It might use a permitted tool in an unintended way to achieve the effect of a denied tool (vertical escalation). Or a prompt injection might cause it to bypass restrictions that exist only in its system prompt, which is why prompt-level restrictions alone are not an enforcement boundary.

Vertical escalation (gaining higher privileges) in MCP systems means an agent gaining access to tools it was never granted, such as calling execute_command when only read_file was authorised. This can happen through tool chaining, MCP server misconfiguration, or prompt injection.

Horizontal escalation (gaining another agent's tool access) is equally dangerous in multi-agent systems. Agent A might trick Agent B into calling a tool that Agent A is not authorised to use, so that B acts as a confused deputy on A's behalf.

HOW POLICYLAYER USES THIS

Intercept prevents tool-level privilege escalation through its fail-closed YAML policy model: any tool call not explicitly allowed is denied. Agents cannot escalate their own privileges because they cannot read, modify, or influence their own policy files. The policy is external to the agent, managed by operators and enforced by Intercept at the proxy. Even if an agent is fully compromised via prompt injection, it can only invoke tools explicitly allowed in its YAML policy. The allow-list therefore has to be as narrow as the task permits: a compromised agent can still misuse any tool it is allowed, so a policy that grants more than the agent needs leaves room for the tool-chaining path described above.
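To make the enforcement point concrete, here is a small model of a fail-closed, per-agent tool-call check at an MCP proxy. It is an added example, not Intercept's code: the policy layout (an "allow" list per agent), the agent names, the tool names and the helper functions are assumptions, and Intercept's real YAML schema may differ. Policies are plain dicts so the example runs without a YAML parser; the JSON-RPC tools/call frame shape is MCP's. It exercises the vertical case (read_file allowed, execute_command denied), the horizontal case (Agent A's connection carrying a message that claims to be Agent B), and the absent-policy case, all of which must deny.

```python
"""Fail-closed, per-agent tool-call policy check for an MCP proxy.

Added example, not Intercept's code. The policy layout (an "allow" list per
agent), the agent and tool names, and the helper names are assumptions; the
real product's YAML schema may differ. Policies are plain dicts so the
example runs without a YAML parser.
"""
import json
from dataclasses import dataclass

# Constructed sample policies, keyed by the agent identity the proxy assigns
# to each connection. An agent that is missing here has no policy at all.
POLICIES = {
    "agent_a": {"allow": ["read_file", "list_directory"]},
    "agent_b": {"allow": ["execute_command"]},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def tools_call(tool, arguments=None, extra_params=None):
    """Build a JSON-RPC 2.0 MCP tools/call frame (constructed test input)."""
    params = {"name": tool, "arguments": arguments or {}}
    params.update(extra_params or {})
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": params})


def evaluate(policies, caller, method, params):
    """Decide one request. Anything unexpected is denied (fail closed)."""
    policy = policies.get(caller)
    if policy is None:
        return Decision(False, f"no policy bound to {caller!r}")
    if method != "tools/call":
        # initialize, tools/list, etc. carry no privilege by themselves and
        # pass through; the tools/list response is filtered separately below.
        return Decision(True, f"{method} is not a tool call")
    tool = params.get("name") if isinstance(params, dict) else None
    if not isinstance(tool, str):
        return Decision(False, "malformed tools/call: no tool name")
    if tool in policy.get("allow", ()):
        return Decision(True, f"{tool} is on {caller}'s allow-list")
    return Decision(False, f"{tool} is not on {caller}'s allow-list")


def proxy_request(policies, connection_agent, raw_message):
    """Handle one inbound frame from an agent connection.

    The caller identity comes from the connection the proxy accepted, never
    from the message body. Any "agent" field inside the message is
    attacker-writable text and is ignored, which is what stops Agent A from
    claiming to be Agent B (horizontal escalation).
    """
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return Decision(False, "unparseable message")
    if not isinstance(msg, dict):
        return Decision(False, "message is not a JSON object")
    return evaluate(policies, connection_agent, msg.get("method"),
                    msg.get("params", {}))


def filter_tool_list(policies, caller, tools):
    """Hide tools the caller may not invoke from a tools/list response, so
    the model never sees execute_command as an option to talk itself into."""
    allow = set(policies.get(caller, {}).get("allow", ()))
    return [t for t in tools if t.get("name") in allow]


if __name__ == "__main__":
    cases = [
        ("agent_a", tools_call("read_file", {"path": "/etc/hostname"})),
        # Vertical: a tool outside agent_a's policy.
        ("agent_a", tools_call("execute_command", {"cmd": "id"})),
        # Horizontal: agent_a's connection, message claims to be agent_b.
        ("agent_a", tools_call("execute_command", {"cmd": "id"},
                               {"agent": "agent_b"})),
        ("agent_b", tools_call("execute_command", {"cmd": "id"})),
        # No policy at all: denied, never allowed by default.
        ("agent_c", tools_call("read_file", {"path": "/etc/hostname"})),
        ("agent_a", '{"jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": {}}'),
    ]
    for agent, frame in cases:
        d = proxy_request(POLICIES, agent, frame)
        print(f"{agent:8} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

Two design points carry the weight here. Identity is bound to the connection the proxy accepted, not to anything the agent writes, so a prompt-injected agent cannot "become" another agent by editing its request. And the default branch of every check is deny: a missing policy, a missing tool name or an unparseable frame all end in a denial rather than a pass-through.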

FREQUENTLY ASKED QUESTIONS

How might an AI agent escalate tool privileges?
Through prompt injection (manipulating prompt-level restrictions), tool chaining (using permitted tools to achieve the effect of denied ones), delegation exploitation (tricking other agents), or MCP server misconfigurations that expose unintended tools.
How does Intercept prevent privilege escalation?
Intercept separates policy management from agent execution. The agent has no access to its own policy. Policies are YAML files managed by operators, and Intercept enforces them at the proxy level, so the agent cannot modify the policy, bypass it, or escalate beyond what it allows.
What about multi-agent escalation?
Each agent's MCP connection can be routed through Intercept with its own policy, so Agent A cannot invoke Agent B's tools directly: each agent is independently constrained and there is no shared privilege surface. What per-agent policies do not remove is A's ability to ask B to act on its behalf, so B's own policy should be scoped to the minimum B needs; a persuaded B then still cannot reach a tool that neither agent should have.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →