Forensic Summary
Unit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be weaponized to compromise an entire GCP environment through excessive default permissions on service agents. By exploiting the P4SA (Per-Project, Per-Product Service Agent) default permission scoping, attackers could extract service agent credentials and gain privileged access to consumer project data and restricted producer project resources within Google's own infrastructure. Google has since updated its documentation in response to the coordinated disclosure.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/double-agents-exposing-security-blind-spots-in-gcp-vertex-ai/
Top comments (0)