Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Security Flaw in Vertex AI Risks Google Cloud Data

Security Flaw in Vertex AI Risks Google Cloud Data

Posted on March 31, 2026 By CWS

Cybersecurity experts have identified a critical vulnerability in Google Cloud’s Vertex AI platform that could potentially be exploited to gain unauthorized access to sensitive information. According to a report by Palo Alto Networks’ Unit 42, the problem stems from the excessive permissions granted by default to Vertex AI’s service agents.

Understanding the Vertex AI Vulnerability

The vulnerability is linked to the Per-Project, Per-Product Service Agent (P4SA) associated with Vertex AI. This agent, which is integral to the platform’s operation, is assigned broad permissions by default. These permissions can be misused, enabling an attacker to extract service agent credentials and engage in unauthorized activities.

When an AI agent is deployed through Vertex AI’s Agent Engine, any interaction with the agent triggers a call to Google’s metadata service. This call inadvertently reveals the service agent’s credentials, compromising the isolation of customer projects and granting unrestricted access to Google Cloud Storage buckets.

Potential Consequences and Risks

The implications of this security lapse are significant. With the ability to access sensitive data within Google Cloud Storage, an attacker could transform an AI agent from a useful tool into a serious security threat. This risk is further exacerbated by the exposure of details about Google’s internal infrastructure through the compromised credentials.

Moreover, these credentials also provide access to Google-owned Artifact Registry repositories, allowing unauthorized downloads of container images. This access not only threatens Google’s intellectual property but also offers a roadmap for further exploitation of vulnerabilities in the platform.

Mitigation and Security Recommendations

In response to the discovery, Google has updated its documentation to enhance clarity on the use of resources and permissions within Vertex AI. The company advises users to adopt the Bring Your Own Service Account (BYOSA) approach and adhere to the principle of least privilege (PoLP) to limit permissions strictly to what is necessary for task execution.

As Unit 42 researcher Ofir Shaty emphasizes, deploying AI agents should be treated with the same caution as launching new production code. Organizations are encouraged to validate permission boundaries, restrict OAuth scopes, and conduct thorough security testing before deploying AI agents in production environments.

This incident underscores the importance of rigorous security practices in managing AI and cloud services. As cyber threats evolve, maintaining robust access control and monitoring mechanisms is crucial to safeguarding sensitive data and infrastructure.

The Hacker News Tags:AI security, AI vulnerability, cloud environment, cloud security, Cybersecurity, data breach, Google Cloud, Palo Alto Networks, security risk, Vertex AI

Post navigation

Previous Post: Telegram-Based ResokerRAT Threatens Windows Security
Next Post: TeamPCP Exploits AWS for Data Breaches in Latest Cyberattack

Related Posts

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide The Hacker News
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks The Hacker News
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure The Hacker News
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks The Hacker News
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations The Hacker News
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Severe Bugs in AI Code Editor Risk System Intrusion
  • India Suspends WhatsApp Usernames Over Security Issues
  • Adobe Tackles Major Security Flaws in ColdFusion and Campaign
  • Critical RCE Vulnerabilities Found in Cursor IDE
  • Ousaban Trojan Targets Iberian Banks with PDF Traps

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Severe Bugs in AI Code Editor Risk System Intrusion
  • India Suspends WhatsApp Usernames Over Security Issues
  • Adobe Tackles Major Security Flaws in ColdFusion and Campaign
  • Critical RCE Vulnerabilities Found in Cursor IDE
  • Ousaban Trojan Targets Iberian Banks with PDF Traps

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark