services / Azure / AKS AI Manager
An AKS AI Manager control-plane resource that provisions and manages AI/ML workload infrastructure on a managed Kubernetes cluster and carries access credentials for the managed resource.
A managed compute/AI resource that runs workloads and exposes credential material via listCredential, making the resource type sensitive.
Microsoft.ContainerService/aiManagers/listCredential/action
The listCredential action returns the AI Manager's credential material (kubeconfig/access keys). A principal holding this action can export usable secret credentials that authenticate as the resource identity, which enables lateral movement and effective account/cluster takeover.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions or allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.
Contributed by P0 Security