confused deputy
Safeguard articles tagged "confused deputy" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Defending LLM agents against confused-deputy attacks on their tool privileges
An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.
MCPwn (CVE-2026-33032): One Missing Auth Check Turned nginx-ui's MCP Endpoint Into Unauthenticated RCE
nginx-ui added MCP support and split it across two HTTP routes. One route shipped without the auth middleware. The result is a CVSS 9.8 unauthenticated takeover, actively exploited, fixed with 27 characters of code.
Confused Deputy Attacks on CI/CD Service Accounts
Build systems hold broad trust and tight deadlines, which makes them perfect confused deputies. Here is how the attack pattern shows up in modern CI/CD and how to defang it.
AI Agent Tool Confused Deputy Problem in 2026
A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.
AI Tool Confused-Deputy: A Deep Dive
The confused deputy problem takes on new and subtle forms when AI agents invoke tools on behalf of users. A technical deep dive with concrete mitigations.
Agentic Identity and Privilege Abuse
AI agents now inherit more privilege than they need — and incidents like the Microsoft 38TB SAS-token leak and ServiceNow's Now Assist flaw show what happens when that privilege gets abused.