Google's Vertex AI Has an Over-Privileged Problem

Summary

Palo Alto Networks researchers discovered that Google's Vertex AI agents can be exploited due to excessive permissions, potentially allowing attackers to steal data and gain unauthorized access to restricted cloud infrastructure. The vulnerability stems from default configurations that grant AI agents more privileges than necessary. This highlights a critical gap in least-privilege implementation for AI workloads in cloud environments.