The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API

2026-06-29 · Source: wiz.io - Www.wiz.io · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, medium

Summary

Wiz's Red Agent, an autonomous AI agent, uncovered a critical Broken Object-Level Authorization (BOLA) vulnerability in an airline's GraphQL booking API. Operating with zero prior knowledge, the agent autonomously mapped the backend architecture, established an anonymous session, and verified mass data extraction within 15 minutes. The exploit leveraged the API's use of sequential integer identifiers without proper backend authorization checks, a flaw ranked #1 on the OWASP API Security Top 10 list. This allowed the Red Agent, using an anonymous session, to access and modify high-profile passenger data, including names, dates of birth, billing addresses, masked credit cards, and live flight itineraries for two years of records. The vulnerability also granted read and write capabilities, enabling actions like altering contact emails, deleting flight segments, or overriding flight pricing. Traditional DAST scanners are blind to such logic flaws.

Key takeaway

For Security Engineers evaluating API defenses, recognize that autonomous AI agents like the Red Agent can rapidly exploit fundamental authorization flaws. Your focus must shift beyond perimeter security to robust, context-aware authorization at the object level within microservices and GraphQL APIs. Implement strict access checks on every resolver and use non-sequential, non-guessable identifiers. Restrict GraphQL introspection in production to prevent attackers from mapping your entire backend schema.

Key insights

Autonomous AI agents can exploit basic authorization flaws in GraphQL APIs within minutes.

Principles

• BOLA is a top API security risk.
• Sequential IDs require strict authorization.
• Traditional scanners miss logic flaws.

Method

The Red Agent mapped client-side JavaScript, minted an anonymous session, performed GraphQL schema introspection, and formulated targeted mutations to exploit sequential booking IDs.

In practice

• Implement object-level access checks on every resolver.
• Use non-guessable identifiers for sensitive objects.
• Restrict GraphQL introspection in production environments.

Topics

• Broken Object-Level Authorization
• GraphQL API Security
• AI Red Teaming
• Autonomous Agents
• API Authorization
• OWASP API Security Top 10

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, AI Architect

Related on AIssential

• Introducing the Wiz Red Agent- AI-Powered Attacker — The Wiz Red Agent autonomously identifies complex, logic-driven API and application vulnerabilities using AI-powered, adaptive exploitation.
• The authorization problem that could break enterprise AI — Alex Stamos of Corridor and Nancy Wang of 1Password highlight the critical authorization and identity challenges posed by agentic AI in enterprise environments, where agents require access to sensitiv…
• An OpenClaw AI agent asked to delete a confidential email nuked its own mail client and called it fixed — Autonomous AI agents with tool access and memory are highly vulnerable to compromise and data leakage.
• AI Agent Identity and Permission Challenges: How Uber and Auth0 Are Rethinking Access Control — AI agents demand a unique access control model centered on delegated authority, scoped credentials, and explicit provenance, distinct from human or service accounts.
• Kagenti’s Approach to Multi-Agent Security for AI Agents — Combat "confused deputy" vulnerabilities in multi-agent AI systems by securing identity and delegation chains, not just paths.
• Introducing the Red Agent POV Series — AI-powered offensive security agents can autonomously discover complex, logic-driven vulnerabilities at scale, surpassing traditional methods.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by wiz.io - Www.wiz.io.