Vertex AI Vulnerabilities Let Attackers Hijack Accounts

Google faces criticism after security researchers find serious flaws in its Vertex AI platform.

Attackers with low permissions can steal high-level access. Google states the system is working as designed.

Companies now must protect themselves.

Vertex AI Vulnerabilities: How Attackers Take Control

Researchers from XM Cyber discovered two privilege escalation bugs in January 2026. Attackers need only basic “Viewer” access. They use these flaws to steal powerful service agent credentials.

  • First flaw hits Vertex AI Agent Engine: Attacker adds bad Python code to agent tools → gets reverse shell → steals Reasoning Engine Service Agent token → accesses AI chat history, Cloud Storage, BigQuery
  • Second flaw hits Ray on Vertex AI: Viewer user opens interactive shell in Console → gains root on cluster head node → steals Custom Code Service Agent token → gets full read-write access to storage and BigQuery

Both bugs use “confused deputy” tricks. Service agents get too many permissions by default. Google does not fix them. Experts call this dangerous for enterprises.

What Companies Should Do Now

Google offers no patch. Security teams must act fast. They need strong controls to stop attacks.

  • Audit all Viewer roles and limit them
  • Block update permissions on reasoning engines
  • Monitor service agent actions with Google Security Command Center
  • Watch for unusual AI tool changes or shell access
  • Use threat detection for Agent Engine
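
One way to start on the first two checks, shown as an added example and not code from Google or XM Cyber: it scans an IAM policy export for Viewer bindings and for roles that can update reasoning engines. The policy and custom role are constructed samples, and the role names `roles/viewer` and `roles/aiplatform.viewer` and the permission `aiplatform.reasoningEngines.update` are assumptions about what to flag.

```python
import json

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/viewer",
   "members": ["user:alice@example.com", "group:all-staff@example.com"]},
  {"role": "roles/aiplatform.viewer",
   "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com"],
   "condition": {"title": "expires", "expression": "request.time < timestamp('2026-06-01T00:00:00Z')"}},
  {"role": "projects/example-proj/roles/agentTuner",
   "members": ["user:bob@example.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["user:carol@example.com"]}
]}
""")

# Constructed sample: custom role -> permissions, as listed by `gcloud iam roles describe`.
SAMPLE_ROLE_PERMISSIONS = {
    "projects/example-proj/roles/agentTuner": [
        "aiplatform.reasoningEngines.get", "aiplatform.reasoningEngines.update"],
}

VIEWER_ROLES = {"roles/viewer", "roles/aiplatform.viewer"}  # assumption: roles counted as "Viewer"
ENGINE_UPDATE = "aiplatform.reasoningEngines.update"        # assumption: permission to block
BROAD_MEMBER_PREFIXES = ("group:", "domain:")               # one binding, many identities

def audit_policy(policy, role_permissions):
    """Return sorted (finding, role, member) tuples for bindings worth reviewing."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        conditional = "condition" in binding  # scoped or time-limited grant
        for member in binding.get("members", []):
            if role in VIEWER_ROLES:
                if member.startswith(BROAD_MEMBER_PREFIXES):
                    kind = "viewer-broad"
                elif conditional:
                    kind = "viewer-conditional"
                else:
                    kind = "viewer"
                findings.add((kind, role, member))
            if ENGINE_UPDATE in role_permissions.get(role, ()):
                findings.add(("engine-update", role, member))
    return sorted(findings)

if __name__ == "__main__":
    for kind, role, member in audit_policy(SAMPLE_POLICY, SAMPLE_ROLE_PERMISSIONS):
        print(f"{kind:18} {role:42} {member}")
```

Project-level policy is only one layer: bindings inherited from folders or the organization need the same pass.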

Experts warn: Many firms do not track service agents. Abuse looks normal. Palo Alto found similar bugs in 2024. Google fixed those but not these. The risk stays high.
