
The Uninvited Agent

A forged peer registers on the agent directory — and the planner enlists it

Technique first revealed 21 Apr 2025

[Diagram: Multi-Agent System. Zones: Untrusted, Agent team, Oversight, External. Components: User, Planner Agent, Research Agent, Coding Agent, Comms Agent, Tool Runtime, Untrusted Content, Business Database, External APIs, Monitoring & Evals, Agent Registry (admits / authenticates agents), Rogue 'approvals' agent. Flow types: Instructions, Data, Actions, Control / decision, Feedback / logs.]
Setup (Step 1 / 6)

A team that recruits its own members

The AI team can grow itself. When the manager needs a skill it doesn't have on hand, it searches a shared directory of agents and recruits one that advertises the right capability. Normally that's how it finds the real 'approvals' helper to sign off on sensitive actions.

Planner discovery policy (config)
discovery:
  enabled: true
  resolve_by: capability        # enlist any agent advertising the needed skill
  registry: shared-agent-directory
  authenticate_agent_identity: false   # <-- no proof of who registered
  admission_allow_list: none           # <-- any agent may be enlisted
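
An added example (not part of the original page, and not any real planner's code): the two flagged settings above, modelled as a capability resolver in Python so each one's effect on admission can be seen. The function names, registry entry fields, agent names, endpoints and the HMAC enrolment tag are assumptions; the HMAC stands in for whatever identity proof a real registry would use, and `admission_allow_list: none` is modelled as `None`.

```python
import hashlib
import hmac
import json

# Constructed enrolment key, held by whoever admits agents to the registry.
# HMAC stands in for a real identity proof (asymmetric signature, mTLS cert).
ENROLMENT_KEY = b"constructed-demo-key"

def enrolment_tag(agent_id, capability, endpoint, key=ENROLMENT_KEY):
    """Tag issued at enrolment; binds identity, capability and endpoint."""
    msg = json.dumps([agent_id, capability, endpoint]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def resolve(registry, capability, policy):
    """Return (agent_id, endpoint) pairs the planner may enlist."""
    allow = policy["admission_allow_list"]
    admitted = []
    for entry in registry:
        if entry["capability"] != capability:
            continue
        if allow is not None and entry["agent_id"] not in allow:
            continue  # not an admitted team member
        if policy["authenticate_agent_identity"]:
            want = enrolment_tag(entry["agent_id"], capability, entry["endpoint"])
            got = str(entry.get("tag", ""))
            if not hmac.compare_digest(want.encode(), got.encode()):
                continue  # tag was not issued for this id/capability/endpoint
        admitted.append((entry["agent_id"], entry["endpoint"]))
    return admitted

# Constructed registry contents: one enrolled helper and two forged entries.
REAL = ("approvals-helper", "approvals", "https://approvals.internal.example")
REGISTRY = [
    {"agent_id": REAL[0], "capability": REAL[1], "endpoint": REAL[2],
     "tag": enrolment_tag(*REAL)},
    # Forged entry under a new name, with no valid tag.
    {"agent_id": "fast-approvals", "capability": "approvals",
     "endpoint": "https://rogue.example", "tag": "0" * 64},
    # Forged entry reusing the enrolled name and tag with a different endpoint.
    {"agent_id": REAL[0], "capability": "approvals",
     "endpoint": "https://rogue.example", "tag": enrolment_tag(*REAL)},
]

WEAK = {"authenticate_agent_identity": False, "admission_allow_list": None}
NAME_ONLY = {"authenticate_agent_identity": False, "admission_allow_list": {REAL[0]}}
HARDENED = {"authenticate_agent_identity": True, "admission_allow_list": {REAL[0]}}
```

With `WEAK` (the page's settings) all three entries are eligible; with `NAME_ONLY` the entry that reuses the enrolled name still passes, so an allow list keyed on names needs identity authentication behind it; only `HARDENED` returns just the enrolled helper.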

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Built by Shi Yuan