On April 9, 2026, Microsoft patched a vulnerability in Entra ID that should alarm every CISO managing AI agents. The "Agent ID Administrator" role — designed specifically to manage AI agent identities and access — could be abused for privilege escalation and service principal takeover.

Let that sink in. The administrative role meant to govern AI agents became the attack vector.

The Flaw

Silverfort discovered that the Agent ID Administrator role, intended for internal Microsoft Graph PowerShell background processes, was inadvertently available to standard customer service principals. An attacker with this role could take over any service principal in the tenant — including non-agent ones. The vulnerability (CVE-2026-35431, CVSS 10.0) was reported March 1, confirmed March 26, and patched April 9 across all Microsoft cloud environments.

But the damage is conceptual, not just technical. Microsoft built an agent identity layer, and that layer itself was exploitable. The guard became the gate.…
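
As an added example (not from the article, Microsoft or Silverfort), here is one way a defender could review audit records for the exposure described above: grants of the Agent ID Administrator role to service principals. The record layout is an assumption modelled on Entra directory audit entries, and every sample record, name and timestamp is constructed.

```python
import json

ROLE_NAME = "Agent ID Administrator"  # role named in the article

def _rec(ts, actor, ttype, name, role):
    """Build one CONSTRUCTED audit record (layout is an assumption, see lead-in)."""
    return {"activityDateTime": ts, "activityDisplayName": "Add member to role",
            "initiatedBy": actor,
            "targetResources": [
                {"type": ttype, "displayName": name, "modifiedProperties": [
                    {"displayName": "Role.DisplayName", "newValue": json.dumps(role)}]},
                {"type": "Role", "displayName": role, "modifiedProperties": None}]}

# Constructed sample data: every name and timestamp here is made up.
SAMPLE_RECORDS = [
    _rec("2026-01-10T08:14:00Z", {"user": {"userPrincipalName": "admin@example.test"}},
         "ServicePrincipal", "build-runner", "Agent ID Administrator"),
    _rec("2026-01-11T09:00:00Z", {"user": {"userPrincipalName": "admin@example.test"}},
         "User", "alice@example.test", "Agent ID Administrator"),
    _rec("2026-01-12T10:30:00Z", {"app": {"displayName": "provisioning-app"}},
         "ServicePrincipal", "report-bot", "agent id administrator"),
    _rec("2026-01-13T11:45:00Z", {"user": {"userPrincipalName": "ops@example.test"}},
         "ServicePrincipal", "dir-sync", "Directory Readers"),
]

def assigned_role(record):
    """Return the role name carried in any target's Role.DisplayName property."""
    for target in record.get("targetResources") or []:
        for prop in target.get("modifiedProperties") or []:
            if prop.get("displayName") == "Role.DisplayName":
                return (prop.get("newValue") or "").strip().strip('"')
    return None

def find_sp_role_grants(records, role=ROLE_NAME):
    """List grants of `role` whose recipient is a service principal."""
    hits = []
    for rec in records:
        if rec.get("activityDisplayName") != "Add member to role":
            continue
        if (assigned_role(rec) or "").casefold() != role.casefold():
            continue
        actor = rec.get("initiatedBy") or {}
        who = ((actor.get("user") or {}).get("userPrincipalName")
               or (actor.get("app") or {}).get("displayName") or "unknown")
        for target in rec.get("targetResources") or []:
            if target.get("type") == "ServicePrincipal":
                hits.append((rec.get("activityDateTime"), target.get("displayName"), who))
    return hits

if __name__ == "__main__":
    for when, sp, who in find_sp_role_grants(SAMPLE_RECORDS):
        print(f"{when}  {sp} granted {ROLE_NAME} by {who}")
```

Grants to user accounts and grants of other roles are skipped on purpose, since the condition the article describes is this role landing on a service principal.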