04·Cross-agent privilege escalation: how a sub-agent hijacks the orchestrator

Introduction

Multi-agent systems introduce a new class of vulnerabilities: an agent can become an attack vector against other agents in the same system. Cross-agent privilege escalation is a scenario in which a compromised or malicious sub-agent injects instructions into its action results, coaxing the orchestrator — with broader permissions — into performing operations the sub-agent cannot access directly. This lesson analyses the mechanisms, defence patterns, and isolation architecture.