Orphaned AI agents with disabled or removed owners may indicate adversary activity leveraging abandoned resources to persist or execute malicious payloads. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify potential security gaps and mitigate risks associated with unaccounted AI agents.
KQL Query
```kusto
// UPNs of accounts that are currently enabled, taken from IdentityInfo
let EnabledAccountUpns =
    IdentityInfo
    | where IsAccountEnabled == 1
    | distinct AccountUpn;
AIAgentsInfo
| where RegistrySource != "A365"
| summarize arg_max(Timestamp, *) by AIAgentId   // latest record per agent
| where AgentStatus != "Deleted"
// owner is either disabled or no longer present in IdentityInfo
| where not(OwnerAccountUpns in (EnabledAccountUpns))
| project-reorder AgentCreationTime, AIAgentId, AIAgentName, AgentStatus, CreatorAccountUpn, OwnerAccountUpns
```
```yaml
id: 5e0f4a6b-7c8d-9e0f-1a2b-3c4d5e6f7a8b
name: AI Agents - Orphaned Agents with Disabled Owners
description: |
  This query identifies AI agents whose owners are either disabled or removed from the organization.
  Orphaned agents without an active owner pose governance and security risks because no one is accountable for their configuration, updates, or potential misuse.
  If these agents remain active, they could retain sensitive connections or perform actions without proper oversight, increasing the risk of unauthorized access or persistence in the environment.
  Recommended Action: Assign a new active owner to each orphaned agent or retire the agent if it's no longer needed. Regularly review ownership to maintain compliance and security governance.
requiredDataConnectors: []
tactics:
  - Persistence
  - DefenseEvasion
relevantTechniques:
  - T1078
  - T1562
query: |
  let EnabledAccountUpns =
      IdentityInfo
      | where IsAccountEnabled == 1
      | distinct AccountUpn;
  AIAgentsInfo
  | where RegistrySource != "A365"
  | summarize arg_max(Timestamp, *) by AIAgentId
  | where AgentStatus != "Deleted"
  | where not(OwnerAccountUpns in (EnabledAccountUpns))
  | project-reorder AgentCreationTime, AIAgentId, AIAgentName, AgentStatus, CreatorAccountUpn, OwnerAccountUpns
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: OwnerAccountUpns
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: AIAgentName
version: 1.0.0
```
| Sentinel Table | Notes |
|---|---|
| IdentityInfo | Ensure this data connector is enabled |
- Scenario: A system administrator disables their own account as part of a role change or organizational restructuring.
  Filter/Exclusion: Exclude agents where the owner is a system admin and the account was disabled due to a role change, using a custom field like owner_role = 'admin' or a note in the owner’s profile.
- Scenario: A scheduled job or automation tool (e.g., Jenkins, Airflow) runs under a service account that has been disabled or removed.
  Filter/Exclusion: Exclude agents associated with service accounts by checking the account_type field or using a tag like account_type = 'service'.
- Scenario: A user is removed from the organization during a bulk user deletion process, leaving behind agents they previously owned.
  Filter/Exclusion: Exclude agents where the owner was removed in a bulk action by checking a deletion_reason field or a timestamp indicating bulk deletion.
- Scenario: A developer creates a test agent using a temporary user account, which is later disabled or deleted after testing is complete.
  Filter/Exclusion: Exclude agents created by temporary users by checking the created_by field against a list of known temporary accounts or using a test_env = true flag.
- Scenario: A user account is disabled due to a security policy violation, and the user had several AI agents under their ownership.
  Filter/Exclusion: Exclude agents where the owner was disabled due to policy violations by checking a disabled_reason field or a custom status like disabled_for_policy.
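The following is an added, tuned variant of the hunting query above (not part of the original detection content): it applies the service-account exclusion from the scenarios, and adds an OwnerState column so the analyst can tell a disabled owner from one that no longer exists in IdentityInfo at all. It assumes OwnerAccountUpns can hold more than one UPN (mv-expand also handles the single-owner case), and the service-account list is a constructed placeholder.

```kusto
// Constructed placeholder: replace with the tenant's own automation identities
// (the Jenkins/Airflow-style service accounts from the scenarios above).
let ServiceAccountUpns = dynamic(["svc-jenkins@contoso.example", "svc-airflow@contoso.example"]);
AIAgentsInfo
| where RegistrySource != "A365"
| summarize arg_max(Timestamp, *) by AIAgentId          // latest record per agent
| where AgentStatus != "Deleted"
// One row per owner; assumes OwnerAccountUpns is a dynamic array of UPNs
| mv-expand OwnerUpn = OwnerAccountUpns to typeof(string)
| where isnotempty(OwnerUpn)
// FP tuning: scheduled jobs running under known service accounts
| where OwnerUpn !in (ServiceAccountUpns)
// Enrich each owner with its identity state; no match means the account is gone
| join kind=leftouter (
    IdentityInfo
    | summarize EnabledRecords = countif(IsAccountEnabled == 1) by AccountUpn
  ) on $left.OwnerUpn == $right.AccountUpn
| extend OwnerState = case(
    isempty(AccountUpn),  "Removed",      // no IdentityInfo record at all
    EnabledRecords > 0,   "Enabled",
    "Disabled")                           // present, but IsAccountEnabled != 1
// Collapse back to one row per agent, keeping every owner and its state
| summarize Owners = make_set(OwnerUpn), OwnerStates = make_set(OwnerState),
            take_any(AIAgentName, AgentStatus, AgentCreationTime, CreatorAccountUpn, Timestamp)
    by AIAgentId
// Orphaned = not a single owner is still enabled
| where not(set_has_element(OwnerStates, "Enabled"))
| project AgentCreationTime, AIAgentId, AIAgentName, AgentStatus, CreatorAccountUpn, Owners, OwnerStates, Timestamp
```

Agents whose OwnerStates contains only "Removed" are the higher-priority triage candidates, since nobody in IdentityInfo can be asked about them; "Disabled" owners can be cross-checked against the disable reason before reassigning ownership.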