AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GCP-2026-012

highvulnerability

security

Source: Google Cloud Security BulletinsMarch 11, 2026

Summary

Google Cloud Vertex AI (a machine learning platform) had a vulnerability in versions 1.21.0 through 1.132.x where an attacker could create Cloud Storage buckets (cloud storage containers) with predictable names to trick the system into using them, allowing unauthorized access, model theft, and code execution across different customers' environments. The vulnerability has been fixed in version 1.133.0 and later, and no action is required from users.

Solution / Mitigation

Mitigations have already been applied to version 1.133.0 and later. Update to Vertex AI Experiments version 1.133.0 or later.

Classification

Attack Type

Supply ChainModel TheftModel Poisoning

Attack SophisticationModerate

Affected Vendors

Google

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attackTechCrunch

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

First tracked: March 13, 2026 at 12:56 PM

Classified by LLM (prompt v3) · confidence: 95%