ASR AI Security Radar
Methodology Recent Incidents Get Notified

Back to incidents

AI security incident: Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoi...

Incident date: February 19, 2026 | Published: February 25, 2026 | Source: GitHub Security Advisory | Classification confidence: 66%

This incident is part of the public archive and includes explicit AI-related signals from the cited source material. Review methodology.

Summary The batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. When either endpoint creates a Project resource, creation of subsequent resources from that same payload belonging in that Project's underlying Kubernetes namespace, by design, proceeds using the API server's own permissions. The creator of a new Project automatically becomes its administrator, but those permissions are granted asynchronously by the management controller. The design choice to create the affected resources using the API server's own permissions averts a race and is contextually appropriate.

Why This Is AI-Related

This page is treated as AI-specific because the source material references copilot, which places the issue inside an AI workflow, model, assistant, or supporting dependency rather than a generic software bulletin.

  • copilot

Affected Workflow

Audit SSO, service tokens, plugin credentials, user-to-tool permissions, and admin actions exposed through AI features.

Likely Attack Path

The weakness can let an attacker bypass identity checks or gain higher privileges inside an AI-facing product or workflow.

Impact

The issue can create a path to command execution inside an AI-facing product, plugin, copilot, or supporting service runtime. Severity HIGH. Classification confidence 66%. Source channel GHSA.

Detection And Triage Signals

  • Unexpected admin actions or scope changes from AI-related users
  • Authentication events that skip normal challenge or approval steps
  • New tokens, integrations, or role assignments created without expected workflow traces

Recommended Response

  • Identify every environment that runs the affected AI plugin, assistant, CLI, or supporting package.
  • Patch or isolate the vulnerable component and remove risky execution permissions while validation is in progress.
  • Review process execution, outbound connections, and file-write logs for signs of post-exploitation activity.

Compliance And Business Impact

Identity control failures can expand blast radius quickly because AI tools often bridge multiple internal systems and datasets.

Sources

Want alerts like this in real time?

Get notified with incident context, likely impact, and response guidance.

Get Notified

More incidents