
When trusted tools go rogue: The return of the 'Confused Deputy Problem'
Known as the 'Confused Deputy Problem,' this flaw sees trusted software - such as administrative tools, privileged scripts, or even AI agents - being manipulated into misusing its powers on behalf of less-privileged applications, operating autonomously or directed by users. And in today's rapidly evolving threat landscape, the consequences are more severe than ever.
From compiler quirk to enterprise crisis
The confused deputy problem isn't new. First described by computer scientist Norm Hardy in 1988, it referred to a case where a compiler (legitimately empowered to write to billing files) was tricked by less-privileged applications into overwriting those sensitive files. The applications themselves didn't have the necessary access, but the compiler acted on their behalf, unwittingly executing their intent.
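The compiler case above, modelled as a short added example (not code from the article or from Hardy's paper). The path `/sys/billing`, the principals and the permission table are hypothetical, constructed for illustration. The vulnerable deputy writes a caller-chosen path with its own authority; the hardened one writes it with the caller's authority.

```python
from dataclasses import dataclass, field

BILLING = "/sys/billing"  # hypothetical path standing in for Hardy's billing file

# Constructed permission table: principal -> paths that principal may write.
WRITE_ACL = {
    "compiler": {BILLING, "/home/alice/debug.out"},
    "alice": {"/home/alice/debug.out"},
}


@dataclass
class FileSystem:
    """Minimal file store that enforces WRITE_ACL on every write."""
    files: dict = field(default_factory=dict)

    def write(self, principal, path, data):
        if path not in WRITE_ACL.get(principal, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = data


def _bill(fs, caller):
    # The deputy's own task: here it legitimately uses its own authority.
    fs.write("compiler", BILLING, fs.files.get(BILLING, "") + f"{caller}:1\n")


def compile_confused(fs, caller, source, debug_path):
    """Vulnerable: the caller picks the path, the deputy's authority is used."""
    _bill(fs, caller)
    fs.write("compiler", debug_path, f"debug output for {source}")


def compile_checked(fs, caller, source, debug_path):
    """Hardened: a caller-designated path is written with the caller's authority."""
    _bill(fs, caller)
    fs.write(caller, debug_path, f"debug output for {source}")


def demo():
    """Run both deputies with the billing file named as the debug path."""
    fs = FileSystem({BILLING: "bob:3\n"})
    compile_confused(fs, "alice", "prog.c", BILLING)
    clobbered = fs.files[BILLING]  # billing records replaced by debug output

    fs = FileSystem({BILLING: "bob:3\n"})
    try:
        compile_checked(fs, "alice", "prog.c", BILLING)
        blocked = False
    except PermissionError:
        blocked = True
    return clobbered, blocked, fs.files[BILLING]


if __name__ == "__main__":
    print(demo())
```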
Fast forward to today, and this fundamental breakdown of privilege separation is now playing out in some of the most advanced enterprise systems, including those that rely on artificial intelligence, automation, and cloud-native infrastructure.
In most modern enterprises, trusted systems or processes - like automation scripts, CI/CD pipelines, and privileged service accounts - are the deputies. These programs are entrusted with elevated access because they serve as conduits to essential business functions. However, if they lack mechanisms to evaluate the context of the commands they receive and to honour least privilege when performing their functions, they can be exploited just as easily as Hardy's compiler.
The problem becomes even more alarming when applied to agentic AI, meaning tools that act independently to complete tasks using delegated authority. If these AI agents are manipulated into making requests or executing operations they weren't intended to perform, they become confused deputies on a much larger scale.
Real-world risks
The confused deputy issue surfaces in multiple ways across enterprise IT today. These include:
- Sudo misuse: Scripts with superuser privileges can be hijacked by untrusted inputs, elevating user privilege without directly attacking the OS.
- CI/CD exploits: Shared service accounts in development pipelines can be coerced into leaking secrets or deploying malicious artifacts, especially in the absence of role isolation and context validation.
- Cloud token abuse: In AWS or Azure environments, services can inadvertently use their assumed roles to fulfill malicious requests initiated by compromised peers, turning secure microservices into agents of privilege escalation.
Why the problem persists
Despite increasing awareness and tooling, the confused deputy problem persists largely because enterprises have not fully embraced the principle of least privilege. That is, systems, applications, and users continue to have more access than they need. What's more, the explosion of machine identities, such as automated services, scripts, bots, and now AI agents, has made it far harder to track privilege boundaries. Machines now communicate with other machines more frequently than humans do, and without adequate oversight, these interactions become fertile ground for exploitation.
Reimagining Privileged Access Management
To confront this resurgent threat, businesses must rethink their approach to Privileged Access Management (PAM). It's no longer enough to store secrets or manage user credentials. Modern PAM must be dynamic, context-aware, and tightly integrated into every aspect of the IT ecosystem.
Key strategies to consider include:
- Command validation and filtering: Systems should whitelist commands, sanitise inputs, and block privilege escalation via indirect parameters.
- Context-aware decisions: Access should be evaluated based on behavioural context and not just identity. Why is a session being initiated? What other systems has the user accessed? What's the broader pattern?
- Segregation of duties: Different roles and accounts should be used for automation, deployment, and debugging. A single account with broad entitlements poses a massive risk if compromised.
- Real-time monitoring and forensics: PAM solutions must include session recording, keystroke logging, and audit trails to detect both deliberate abuse and accidental misuse.
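A sketch of command validation combined with segregation of duties, as an added example that is not part of the original article. The role names, the policy tables and the `build_argv` and `decide` helpers are hypothetical; the wrapper only decides and builds an argument list, which a real deployment would execute without a shell.

```python
import re

# Hypothetical policy for a privileged maintenance wrapper (constructed for
# this example): each role is entitled only to the actions its job needs.
ROLE_ACTIONS = {
    "deploy-bot": {"restart-service"},
    "debug-bot": {"show-log"},
}

# Allowlisted actions: a fixed argv prefix plus a strict pattern for the one
# caller-supplied argument. The pattern cannot start with "-", so a request
# cannot smuggle in an extra option as an indirect parameter.
UNIT = re.compile(r"[a-z][a-z0-9_-]{0,40}\.service")
ACTIONS = {
    "restart-service": (["/usr/bin/systemctl", "restart"], UNIT),
    "show-log": (["/usr/bin/journalctl", "--no-pager", "-u"], UNIT),
}

# Constructed sample requests: (role, action, args).
SAMPLE = [
    ("deploy-bot", "restart-service", ["nginx.service"]),
    ("deploy-bot", "show-log", ["nginx.service"]),            # wrong role
    ("debug-bot", "show-log", ["--help"]),                    # option-like value
    ("deploy-bot", "restart-service", ["a.service;b.service"]),  # metacharacter
]


class Rejected(Exception):
    """Raised when a request fails policy; the reason feeds the audit trail."""


def build_argv(role, action, args):
    """Return the argv list for an allowed request, or raise Rejected."""
    if action not in ACTIONS or action not in ROLE_ACTIONS.get(role, set()):
        raise Rejected(f"role {role!r} is not entitled to {action!r}")
    prefix, pattern = ACTIONS[action]
    if len(args) != 1 or not isinstance(args[0], str):
        raise Rejected("exactly one string argument expected")
    # fullmatch: the whole value must match, so a trailing newline is refused.
    if not pattern.fullmatch(args[0]):
        raise Rejected(f"argument {args[0]!r} fails validation")
    # A list, never a shell string: nothing in the value is re-parsed later.
    return prefix + [args[0]]


def decide(requests):
    """Evaluate requests and return audit records (role, action, verdict)."""
    audit = []
    for role, action, args in requests:
        try:
            build_argv(role, action, args)
            audit.append((role, action, "allow"))
        except Rejected as exc:
            audit.append((role, action, f"deny: {exc}"))
    return audit


if __name__ == "__main__":
    for record in decide(SAMPLE):
        print(record)
```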
AI's double-edged sword
Agentic AI represents both the future and the frontier of the confused deputy problem. These systems are capable of incredible operational gains, but their autonomous nature makes them ripe for exploitation.
A prompt, parameter, or request that seems benign on the surface can trigger actions that cause significant harm or data leakage, especially if the agent can't distinguish between valid commands and malicious manipulation.
This isn't just a technical flaw but a governance challenge. Enterprises must ensure that, as they embrace AI and automation, they do so with controls that prioritise intent verification, privilege minimization, and oversight.
A strategic imperative
The confused deputy problem is no longer a relic of early computing. It's a central challenge for modern digital security. As organisations deploy more intelligent and powerful tools, they must recognise that privilege without perspective is an attack vector in its own right.
To prevent trusted systems from becoming dangerous liabilities, enterprises need to enforce least privilege not just as a policy, but as a design principle embedded in every layer of infrastructure, automation, and AI deployment.