Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
The Hacker News • • technology
Key Points:
- Researchers at Palo Alto Networks Unit 42 discovered a security flaw in Google Cloud's Vertex AI platform where default excessive permissions granted to service agents can be exploited to access sensitive data and compromise cloud environments.
- The Per-Project, Per-Product Service Agent (P4SA) associated with AI agents has overly broad permissions by default, allowing attackers to extract credentials and perform unrestricted read access on Google Cloud Storage buckets within the customer project.
- Stolen credentials also expose access to Google-managed tenant project storage and restricted Google-owned Artifact Registry repositories, enabling attackers to download proprietary container images and potentially discover further vulnerabilities.
- Google has updated its documentation and recommends customers use Bring Your Own Service Account (BYOSA) to enforce the principle of least privilege, limiting agents' permissions to reduce security risks.
- Unit 42 emphasizes treating AI agent deployment with strict security measures, including validating permission boundaries, restricting OAuth scopes, reviewing source integrity, and conducting security testing before production rollout.
![Pixel 11 Pro is thinner, but mostly the same in first leak [Gallery]](https://media-cdn.cashwalklabs.io/https%3A%2F%2Fi0.wp.com%2F9to5google.com%2Fwp-content%2Fuploads%2Fsites%2F4%2F2026%2F03%2Fgoogle-pixel-11-pro-onl-2.webp%3Fresize%3D1200%252C628%26quality%3D82%26strip%3Dall%26ssl%3D1?format=webp&w=120&h=80){kind=tracking}
