Key insight

Privilege escalation means turning small access into bigger access, through two distinct paths: vertical, gaining higher-level access on the same system, and horizontal, reaching a different account at the same level. AI agents add a third path traditional software never had: combining several individually low-risk tools into a capability none of them were meant to allow alone.

Attackers almost never start with the keys to everything. They start small: one low-level account, one stolen password with narrow permissions, one small foothold that on its own is barely worth anything. Privilege escalation is the name for what happens next: turning that small foothold into something considerably larger, and it happens along two distinct, well-named paths.

1 · Starting small: why attackers rarely begin with the keys to everything

A brand-new employee’s account, or a stolen password belonging to one, typically starts with narrow, ordinary access: enough to do one job, nothing more. That starting point is rarely valuable enough on its own to be worth a serious attacker’s time. What makes it worth pursuing is the possibility of turning that small foothold into something much bigger, and that turning process is exactly what privilege escalation describes.

2 · Vertical escalation: turning a guest key into a master key

Vertical escalation means going from ordinary access up to administrator-level access on the very same system, the digital equivalent of a hotel guest finding an unlocked door in the wall behind their own room that leads directly into the master control panel for every lock in the building. It typically exploits a flaw in how a system checks whether a request should really be allowed at a higher level than the account normally holds.

Vertical escalation shown as a low-level account climbing straight up to administrator access on the same system A teal box labelled ordinary account sits at the bottom, with a red glowing arrow pointing straight up to a red box labelled administrator access at the top of the same system, illustrating a rise in permission level within one single system. Ordinary account Administrator
Figure 1. Vertical escalation stays on the same system but climbs straight up in permission level.

3 · Horizontal escalation: opening a stranger's room instead

Horizontal escalation means staying at the exact same permission level, but reaching a different account entirely, the equivalent of a guest’s key card starting to also open a stranger’s room instead of their own, without ever gaining any new administrative power at all. This one is easy to underestimate precisely because no single permission level ever appears to rise; the damage comes purely from reaching accounts, and the data behind them, that were never supposed to be reachable at all.

4 · A worked example: one low-level account, one overlooked script

A newly hired contractor is given a narrow, ordinary account to complete one specific task. That account happens to be able to run one old maintenance script, left over from years earlier, that itself runs with full administrator privileges because nobody ever revisited its permissions after it was first written. The contractor’s account never directly holds administrator access. Running that one overlooked script is enough to escalate vertically anyway, because the script itself was the actual door left unlocked, not the account that walked through it.

5 · The third path: escalation through combination, not a single tool

An AI agent introduces an escalation path traditional software rarely had: combining several individually low-risk tools into a capability none of them were ever meant to allow on their own. A tool that reads file names, a tool that reads file contents, and a tool that sends email might each look perfectly reasonable reviewed in isolation. Combined by an agent pursuing one task, they can be enough to read a sensitive document and quietly send its contents somewhere it was never meant to go, without any single tool’s permission ever technically being violated. Reviewing each tool by itself misses this entirely; the escalation lives in the combination, not in any one permission looked at alone.

Three individually low-risk tools combining into a capability none of them were meant to allow alone Three small teal boxes labelled read file names, read file contents, and send email each connect into a central agent icon, which then connects to a red glowing box labelled a capability nobody approved, illustrating escalation through combination rather than any single permission. Read file names Read contents Send email Agent Capability nobodyapproved
Figure 2. No single tool was ever misused. The escalation happened in the combination.

6 · Defending against escalation on purpose

7 · A simple test you can run this week

Try this before an incident forces the question

1. Pick one ordinary, low-level account or AI agent.
2. List every tool, script, or job it can trigger, even indirectly.
3. Ask what the most powerful thing is that combination could accomplish together.
4. If that answer surprises you, you have found an escalation path.

8 · Glossary — every short-form term, spelled out

Privilege escalation
Turning small, narrow access into bigger access, either by rising to a higher permission level or by reaching a different account.
Vertical escalation
Rising from ordinary access to administrator-level access on the same system.
Horizontal escalation
Staying at the same permission level but reaching a different account entirely.
AI agent
Software that decides, on its own, which tools to call and which actions to take in order to complete a task.
Key takeaways

Attackers start small; privilege escalation is how a small foothold becomes something larger.
Vertical escalation rises in level on the same system; horizontal escalation reaches a different account at the same level.
AI agents add a third path: combining individually low-risk tools into a capability none of them were meant to allow alone.
Review old automation, separate ordinary from administrative access, and review tool combinations, not just single tools.

References

  1. MITRE ATT&CK, Privilege Escalation tactic (TA0004), The MITRE Corporation. attack.mitre.org