A research team has identified and demonstrated a vulnerability, named “IdentityMesh,” in emerging agentic AI systems, including multi-agent control platforms (MCPs) and AI browsers. This newly discovered threat enables sophisticated lateral movement across digital environments by exploiting how AI agents consolidate multiple user identities into a single operational entity.
The research reveals a novel attack pathway that allows adversaries to hijack MCPs and AI browsers for unauthorized cross-system activity. Once triggered, the attack can traverse distinct systems, enabling actions such as data exfiltration, phishing, or malware delivery, even in environments not directly connected to the initial source of compromise.
What sets IdentityMesh apart is its “one-click” attack surface: a legitimate user unknowingly initiates the operation through an otherwise benign action. The AI agent’s unified identity across multiple platforms effectively turns that user into a proxy for malicious activity, bypassing traditional authentication and system segmentation protections.
While past research has focused primarily on security gaps within individual AI agents or platforms, Lasso’s findings highlight the broader risks introduced when multiple identities, each tied to different systems, are merged within a single AI framework. This shift from developer-centric risks to potential exploitation of customer-facing AI tools marks an evolution in the threat landscape.
(AI was used in part to facilitate this article.)

