Vulnerabilities | Apr 3, 2026

AI agents can turn into "double agents" if compromised. Our research found a critical permission...

Google Cloud Vertex AI Agent Engine has critical permission flaw enabling unauthorized access and data exfiltration.

Summary

Security researchers discovered a critical permission vulnerability in Google Cloud's Vertex AI Agent Engine that could allow compromised AI agents to act as "double agents," gaining unintended access and enabling data exfiltration. The flaw stems from overly permissive default configurations that fail to adequately restrict agent capabilities. This represents a significant risk for organizations deploying AI agents in production environments.

Entities

Google (vendor), Google Cloud Vertex AI Agent Engine (product), AI agents (technology)