SAIL 2.0

/

Deploy - Runtime Guardrails

/

Agent Session Smuggling and A2A Identity Impersonation

5.18

.

Agent Session Smuggling and A2A Identity Impersonation

sail
5.18
Risk

Agent Session Smuggling and A2A Identity Impersonation

Description

Agents act under another identity through ACP/A2A gaps, session smuggling, or virtual-agent APIs that permit impersonation.

Example

An attacker exploits a virtual-agent API to act as a privileged user, performing actions the attacker is not authorized for.

Assets Affected

AI Agent

Agent Identity

Agent Communication Protocol (ACP)

Agentic Platform

Mitigation
  • Authenticate every handoff with scoped tokens
  • bind agent identity to action context
  • reject mismatched identity claims
  • alert on impersonation patterns.
Standards Mapping
  • ISO: A.4.5, A.6.2.6
  • OWASP agentic: ASI03, ASI07
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.9, Agents-MCP Server 13.25
  • AIUC-1: B007, B008