Risk
Agent Session Smuggling and A2A Identity Impersonation
Description
Agents act under another identity through ACP/A2A gaps, session smuggling, or virtual-agent APIs that permit impersonation.
Example
An attacker exploits a virtual-agent API to act as a privileged user, performing actions the attacker is not authorized for.
Assets Affected
AI Agent
Agent Identity
Agent Communication Protocol (ACP)
Agentic Platform
Mitigation
- Authenticate every handoff with scoped tokens
- bind agent identity to action context
- reject mismatched identity claims
- alert on impersonation patterns.
Standards Mapping
- ISO: A.4.5, A.6.2.6
- OWASP agentic: ASI03, ASI07
- OWASP LLM: LLM06:2025
- EU AI Act: Art. 15(5)
- DASF: Agents-Core 13.9, Agents-MCP Server 13.25
- AIUC-1: B007, B008