CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Hosted on MSN

Researchers warn of Vertex AI agent flaw that could expose cloud data and code

Security researchers have identified a vulnerability in Google’s Vertex AI agent framework that could allow attackers to extract sensitive cloud data and proprietary code through indirect prompt ...
The Hacker News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code ...
Hosted on MSN

Vertex AI 'double agent' flaw exposes customer data and Google's internal code

Unit 42 reveals misconfigured Vertex AI agents in Google Cloud can be hijacked into “double agents” Excessive default permissions let attackers pivot, access Cloud Storage, and expose proprietary ...