Google's Vertex AI Has an Over-Privileged Problem
Summary
Researchers at Palo Alto discovered a security weakness in Google's Vertex AI (Google's cloud platform for building and running AI applications) where AI agents could be given too many permissions, allowing attackers to steal data and access restricted cloud systems. The vulnerability stems from over-privileged configurations that give AI agents more access than they actually need to do their job.
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
First tracked: March 31, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%