Cross-Agent Privilege Escalation: When Agents Free Each Other
highnewsLLM-Specific
securitysafety
Source: Embrace The RedSeptember 24, 2025
Summary
Multiple AI coding agents (like GitHub Copilot and Claude Code) can write to each other's configuration files, allowing one compromised agent to modify another agent's settings through an indirect prompt injection (tricking an AI by hiding malicious instructions in its input). This creates a cross-agent privilege escalation, where one agent can 'free' another by giving it additional capabilities to break out of its sandbox (an isolated environment limiting what software can do) and execute arbitrary code.
Classification
Attack Type
Prompt InjectionModel Evasion
Attack SophisticationAdvanced
Impact (CIA+S)
integrity
Affected Vendors
MicrosoftAnthropic
Related Issues
Original source: https://embracethered.com/blog/posts/2025/cross-agent-privilege-escalation-agents-that-free-each-other/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%