Overview
AI agents can turn permissions into actions. If an agent has unrestricted tools, wildcard policies, or broad runtime tokens, prompt injection can become data access, infrastructure changes, or lateral movement.
Remediation guidance
Scope agent tools to the smallest action set needed by the use case. Disable default service account token mounting for Kubernetes AI workloads unless the token is required, and use dedicated service accounts with bounded permissions.
Rollout guidance
- Identify agent workloads and their enabled tools.
- Remove wildcard tools and administrative permissions.
- Add explicit allowlists, approval gates, and audit logging for high-impact tools.
- Re-scan after the agent configuration is updated.
Query logic
These are the stored checks tied to this control.
AI agents should not run with unrestricted tool permissions
Connectors
Covered asset types
Expected check: eq [] (the query is expected to return an empty list; every asset it does return is a finding for this control)
{
  # Azure: AI Foundry projects and Machine Learning endpoints whose tool permissions include a wildcard
  azureAIFoundryProjects(where: { toolPermissions_INCLUDES: "*" }) { ...AssetFragment }
  azureMachineLearningEndpoints(where: { toolPermissions_INCLUDES: "*" }) { ...AssetFragment }
  # Kubernetes: pods and deployments tagged as AI agents whose service account token is mounted,
  # either explicitly (automountServiceAccountToken: true) or implicitly (the field is left unset)
  pods(where: { annotations_SOME: { key: { eq: "cyscale.com/ai-signals" }, value_MATCHES: "(?i).*agent.*" }, OR: [ { automountServiceAccountToken: { eq: true } } { isAutomountServiceAccountTokenSet: { eq: false } } ] }) { ...AssetFragment }
  deployments(where: { podTemplate: { annotations_SOME: { key: { eq: "cyscale.com/ai-signals" }, value_MATCHES: "(?i).*agent.*" }, OR: [ { automountServiceAccountToken: { eq: true } } { isAutomountServiceAccountTokenSet: { eq: false } } ] } }) { ...AssetFragment }
  # Kubernetes: service accounts marked as AI services with the same token-mounting condition
  serviceAccounts(where: { annotations_SOME: { key: { eq: "cyscale.com/ai-service" }, value: { eq: "true" } }, OR: [ { automountServiceAccountToken: { eq: true } } { isAutomountServiceAccountTokenSet: { eq: false } } ] }) { ...AssetFragment }
}
Kubernetes
Microsoft Azure
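The following is an added example, not Cyscale's own code or part of the stored query. It re-implements the query logic above as a local Python check over Kubernetes manifests (pods, deployments, service accounts) and over a simple tool-permission list standing in for the Azure `toolPermissions` attribute, so the remediation in the sections above can be verified before a re-scan. The manifests, the annotation values, and the list representation of tool permissions are constructed for this example; only the annotation keys `cyscale.com/ai-signals` and `cyscale.com/ai-service`, the `(?i).*agent.*` pattern, and the wildcard `*` come from the page.

```python
"""Local check mirroring the 'unrestricted tool permissions' control.

Added example; not Cyscale code. Manifests below are constructed.
"""
import re

AI_SIGNALS_KEY = "cyscale.com/ai-signals"    # annotation key used by the stored query
AI_SERVICE_KEY = "cyscale.com/ai-service"    # annotation key for service accounts
AGENT_PATTERN = re.compile(r"(?i).*agent.*")  # same regex as the query's value_MATCHES


def has_wildcard_tools(tool_permissions):
    """Mirrors toolPermissions_INCLUDES: "*" for the Azure asset types.

    Assumes tool permissions are a list of tool names (constructed representation).
    """
    return "*" in tool_permissions


def is_agent_annotated(annotations):
    """True when the ai-signals annotation value matches the agent pattern."""
    value = (annotations or {}).get(AI_SIGNALS_KEY)
    return value is not None and AGENT_PATTERN.match(value) is not None


def token_mount_unrestricted(obj):
    """Mirrors the query's OR clause on a pod spec, pod template spec, or service account.

    The token is considered mounted when automountServiceAccountToken is true
    or when the field is absent, because Kubernetes mounts it by default.
    """
    if "automountServiceAccountToken" not in obj:
        return True
    return obj["automountServiceAccountToken"] is True


def find_findings(manifests):
    """Return 'Kind/name' for every manifest that would be returned by the query."""
    findings = []
    for m in manifests:
        kind, name = m["kind"], m["metadata"]["name"]
        if kind == "Pod":
            if is_agent_annotated(m["metadata"].get("annotations")) and token_mount_unrestricted(m["spec"]):
                findings.append(f"Pod/{name}")
        elif kind == "Deployment":
            tpl = m["spec"]["template"]  # the query inspects podTemplate
            if is_agent_annotated(tpl["metadata"].get("annotations")) and token_mount_unrestricted(tpl["spec"]):
                findings.append(f"Deployment/{name}")
        elif kind == "ServiceAccount":
            ann = m["metadata"].get("annotations") or {}
            # automountServiceAccountToken is a top-level field on a ServiceAccount
            if ann.get(AI_SERVICE_KEY) == "true" and token_mount_unrestricted(m):
                findings.append(f"ServiceAccount/{name}")
    return findings


# Constructed sample manifests: one unremediated and one remediated object per kind.
SAMPLE_MANIFESTS = [
    {"kind": "Pod", "metadata": {"name": "agent-pod-unrestricted",
                                 "annotations": {AI_SIGNALS_KEY: "llm-agent"}},
     "spec": {"containers": [{"name": "agent", "image": "example/agent:1"}]}},  # field unset -> finding
    {"kind": "Pod", "metadata": {"name": "agent-pod-hardened",
                                 "annotations": {AI_SIGNALS_KEY: "llm-agent"}},
     "spec": {"serviceAccountName": "agent-sa-bounded",         # dedicated service account
              "automountServiceAccountToken": False,            # token not mounted -> passes
              "containers": [{"name": "agent", "image": "example/agent:1"}]}},
    {"kind": "Pod", "metadata": {"name": "embedding-pod",
                                 "annotations": {AI_SIGNALS_KEY: "embedding-model"}},
     "spec": {"containers": [{"name": "embed", "image": "example/embed:1"}]}},  # not an agent -> ignored
    {"kind": "Deployment", "metadata": {"name": "agent-deploy"},
     "spec": {"template": {"metadata": {"annotations": {AI_SIGNALS_KEY: "Agent"}},
                           "spec": {"automountServiceAccountToken": True}}}},     # explicit true -> finding
    {"kind": "ServiceAccount", "metadata": {"name": "agent-sa-default",
                                            "annotations": {AI_SERVICE_KEY: "true"}}},  # unset -> finding
    {"kind": "ServiceAccount", "metadata": {"name": "agent-sa-bounded",
                                            "annotations": {AI_SERVICE_KEY: "true"}},
     "automountServiceAccountToken": False},                                           # passes
]


if __name__ == "__main__":
    for finding in find_findings(SAMPLE_MANIFESTS):
        print("FINDING:", finding)
    print("wildcard tools:", has_wildcard_tools(["*"]), has_wildcard_tools(["search.read"]))
```

Running the script lists the three unremediated objects; the hardened pod and service account pass because they set `automountServiceAccountToken: false` explicitly, which is the condition the stored query checks, rather than relying on the cluster default.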