Agent impersonation is when a malicious actor or a rogue AI agent poses as a trusted agent, user, or service to gain access, issue commands, or exfiltrate data. In multi-agent systems it exploits weak agent identity: if agents accept instructions from other agents without verifying who they truly are, an attacker can inject a fake agent or spoof a legitimate one and have its commands trusted. The consequence is that authority flows to the wrong party — a privileged agent acts on a forged request. The core defense is strong, verifiable agent identity: authenticate every agent-to-agent and agent-to-tool call with signed credentials or mutual TLS.
Multi-agent systems route tasks between specialized agents and shared tools. Many early designs trust the channel rather than the sender — any message that arrives on the internal bus is treated as coming from a legitimate agent. An attacker who can post to that bus, register a new agent, or replay a captured message can impersonate a trusted component. Because downstream agents act on their own privileges, the forged request executes with real authority.
Agent impersonation maps onto OWASP's agentic-AI risks around identity, trust, and excessive agency, and it is catalogued in the CASURA taxonomy of AI-agent vulnerabilities. As multi-agent and agent-to-agent (A2A) architectures spread in 2025–2026, verifiable agent identity has become the foundational control: without it, every other agent-security measure can be bypassed by a convincing forgery.