Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Summary
Researchers discovered that AI agents deployed on Google Cloud Platform's Vertex AI could be weaponized as 'double agents' that secretly compromise systems while appearing to work normally. The vulnerability stems from excessive default permissions granted to service agents (special accounts that allow GCP services to access resources), which attackers can exploit to steal data, access restricted code, and gain unauthorized control over infrastructure. Google addressed this by revising its official documentation to explicitly explain how Vertex AI uses resources and accounts.
Solution / Mitigation
Google revised its official documentation to explicitly document how Vertex AI uses resources, accounts and agents.
Original source: https://unit42.paloaltonetworks.com/double-agents-vertex-ai/
First tracked: March 31, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%