Safeguard
Tag

confused deputy

Safeguard articles tagged "confused deputy" — guides, analysis, and best practices for software supply chain and application security.

6 articles

AI Security

Defending LLM agents against confused-deputy attacks on their tool privileges

An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.

May 13, 20268 min read
Vulnerability Analysis

MCPwn (CVE-2026-33032): One Missing Auth Check Turned nginx-ui's MCP Endpoint Into Unauthenticated RCE

nginx-ui added MCP support and split it across two HTTP routes. One route shipped without the auth middleware. The result is a CVSS 9.8 unauthenticated takeover, actively exploited, fixed with 27 characters of code.

May 4, 20269 min read
Emerging Technology

Confused Deputy Attacks on CI/CD Service Accounts

Build systems hold broad trust and tight deadlines, which makes them perfect confused deputies. Here is how the attack pattern shows up in modern CI/CD and how to defang it.

Mar 15, 20268 min read
AI Security

AI Agent Tool Confused Deputy Problem in 2026

A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.

Mar 14, 20267 min read
AI Security

AI Tool Confused-Deputy: A Deep Dive

The confused deputy problem takes on new and subtle forms when AI agents invoke tools on behalf of users. A technical deep dive with concrete mitigations.

Dec 15, 20258 min read
AI Security

Agentic Identity and Privilege Abuse

AI agents now inherit more privilege than they need — and incidents like the Microsoft 38TB SAS-token leak and ServiceNow's Now Assist flaw show what happens when that privilege gets abused.

Nov 16, 20258 min read
confused deputy — Safeguard Blog