Detect and report on Entra AI agents with risky permissions #2011

@tkol2022

Prerequisites

  • This issue has an informative and human-readable title.

💡 Summary

Enhance the existing ScubaGear Entra report by adding information to help agencies identify and remediate risky AI agents. We already have logic that identifies risky applications and risky third-party service principals. This will be similar since it will identify agents with dangerous permissions.

Based on hands-on prototyping with Entra agents and their features, we will add two new sections:

Section 1 - High risk AI Agents (list of agents that have risky permissions - similar to what we currently show for OAuth apps).

Section 2 - High risk Agent Blueprints (list of agent blueprints that have risky permissions). Blueprints with risky permissions can potentially be dangerous if any "inheritable" risky permissions are defined on the blueprint. When permissions on the blueprint are inheritable, any agents created from that blueprint also get those permissions, so ScubaGear can indicate in the report whether the permissions are inheritable.

Note: I have developed scripts to query agents and agent blueprints from MS Graph, which can inform this issue.

Motivation and context

With Microsoft releasing new functionality on agentic AI, Scuba needs to create new capabilities to help agencies mitigate the unique new risk surface that is blooming. Since these capabilities are nascent, we want to try and get ahead of the new risk frontier.

Implementation notes

TBD - Needs design discussion and some prototyping.

Acceptance criteria

  • Complete the implementation actions.
  • Developer testing complete.
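
An added sketch of the two report sections proposed in this issue (not ScubaGear code and not from the issue author). The object shapes, property names, sample agents and blueprints, and the short risky-permission list are constructed assumptions; real data would come from Microsoft Graph queries.

```powershell
# Constructed sample data; these object shapes are hypothetical, not Graph schema.
$RiskyPermissions = @(   # illustrative subset chosen for this sketch (assumption)
    'Application.ReadWrite.All', 'RoleManagement.ReadWrite.Directory', 'Mail.ReadWrite')

$Blueprints = @(
    [pscustomobject]@{ Name = 'bp-helpdesk'; Permissions = @(
        [pscustomobject]@{ Value = 'RoleManagement.ReadWrite.Directory'; Inheritable = $true },
        [pscustomobject]@{ Value = 'User.Read.All'; Inheritable = $true }) },
    [pscustomobject]@{ Name = 'bp-mailbot'; Permissions = @(
        [pscustomobject]@{ Value = 'Mail.ReadWrite'; Inheritable = $false }) })

$Agents = @(
    [pscustomobject]@{ Name = 'agent-a'; Blueprint = 'bp-helpdesk'; DirectPermissions = @() },
    [pscustomobject]@{ Name = 'agent-b'; Blueprint = 'bp-mailbot'; DirectPermissions = @('Application.ReadWrite.All') },
    [pscustomobject]@{ Name = 'agent-c'; Blueprint = 'bp-mailbot'; DirectPermissions = @('User.Read') })

# Section 2: blueprints holding risky permissions, with the inheritable flag shown.
function Get-RiskyBlueprintReport {
    param($Blueprints, $RiskyPermissions)
    foreach ($bp in $Blueprints) {
        foreach ($p in $bp.Permissions) {
            if ($RiskyPermissions -contains $p.Value) {
                [pscustomobject]@{ Blueprint = $bp.Name; Permission = $p.Value; Inheritable = $p.Inheritable }
            }
        }
    }
}

# Section 1: agents holding risky permissions, directly or through their blueprint.
function Get-RiskyAgentReport {
    param($Agents, $Blueprints, $RiskyPermissions)
    foreach ($agent in $Agents) {
        $bp = $Blueprints | Where-Object { $_.Name -eq $agent.Blueprint }
        # Per the issue text, only inheritable blueprint permissions reach the agent.
        $inherited = @($bp.Permissions | Where-Object { $_.Inheritable } | ForEach-Object { $_.Value })
        foreach ($perm in @($agent.DirectPermissions)) {
            if ($RiskyPermissions -contains $perm) {
                [pscustomobject]@{ Agent = $agent.Name; Permission = $perm; Source = 'direct' }
            }
        }
        foreach ($perm in $inherited) {
            if ($RiskyPermissions -contains $perm) {
                [pscustomobject]@{ Agent = $agent.Name; Permission = $perm; Source = "inherited from $($bp.Name)" }
            }
        }
    }
}

Get-RiskyAgentReport $Agents $Blueprints $RiskyPermissions | Format-Table
Get-RiskyBlueprintReport $Blueprints $RiskyPermissions | Format-Table
```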

Labels: enhancement (This issue or pull request will add new or improve existing functionality)