Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Summary
Researchers discovered a security vulnerability in Google Cloud's Vertex AI platform where AI agents could be compromised to steal sensitive data and access private cloud resources. The problem stems from the default service agent (P4SA, a special account that runs the AI agent) having excessive permissions, allowing attackers to extract credentials and gain unauthorized access to cloud storage, private code repositories, and internal Google infrastructure.
Solution / Mitigation
Google updated its documentation to explain how Vertex AI uses resources and accounts. The company recommended that customers use Bring Your Own Service Account (BYOSA) to replace the default service agent and enforce the principle of least privilege (PoLP, giving the agent only the permissions it needs to do its job).
Original source: https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html
First tracked: March 31, 2026 at 02:00 PM