🟠 High  |  Source: AWS Security Blog


When AI agents delegate tasks to other agents in a chain, the authorisation scope can silently expand beyond what the original user permitted — a problem known as privilege escalation in agentic systems. This AWS blog post demonstrates how to use Cedar, AWS’s open-source policy language, to enforce least-privilege controls at every hop in a multi-agent chain. This matters because RBAC alone is insufficient to contain authorisation drift across complex, autonomous AI workflows.

Security Architect’s Take: If you are deploying multi-agent AI systems on AWS (e.g. using Amazon Bedrock Agents), implement Cedar policies that explicitly bind delegated permissions to the originating user’s authorisation context, and audit each agent-to-agent handoff as a distinct authorisation decision rather than inheriting the caller’s full role.

Original advisory: Enforce least-privilege authorization in multi-agent AI chains using Cedar