'What if the AI agent you just deployed was secretly working against you?': Vertex AI 'double agent' flaw exposes customer data and Google's internal code
Date:
Wed, 01 Apr 2026 15:25:00 +0000
Description:
Misconfigured AI agents can lead to data disclosure and other risks.
FULL STORY
Cloud misconfigurations are one of the biggest causes of data leaks, but now we have another form of misconfiguration to worry about - AI agents.

Unit 42, Palo Alto's cybersecurity arm, has revealed new analysis showing how an AI agent deployed in the Google Cloud Platform (GCP) Vertex AI Agent Engine can be turned into a double agent - doing nefarious work while appearing to serve its intended purpose. Vertex AI is the main AI/ML platform from Google Cloud, where developers can build and deploy machine learning models and generative AI apps. The Agent Engine is what turns models into autonomous agents. However, Unit 42 notes that if they're not careful with permissions, users can leave their agents vulnerable to takeovers.

"By exploiting a significant risk in default permission scoping and compromising a single service agent, we reveal how the Vertex AI permission model can be misused, leading to unintended consequences," the report states.

The researchers first deployed a custom AI agent using Vertex AI's ADK in a controlled environment and then discovered that the agent's default service account (P4SA) had excessive permissions.

Then, using a custom-built malicious tool, they were able to extract service agent credentials from the metadata service, and then use those to pivot into the consumer project. This gave them unrestricted read access to all Cloud Storage data, as well as the producer (Google-managed) environment.

This exposed restricted Artifact Registry repositories, allowing the researchers to download private container images, enumerate internal resources and inspected artifacts, and reveal proprietary source code and internal infrastructure details.

"Gaining access to this proprietary code not only exposes Google's intellectual property but also provides an attacker with a blueprint to find further vulnerabilities," the researchers explained in the paper.

In response, Google updated its documentation to better explain how Vertex AI uses resources, accounts, and agents. The company is now recommending customers use Bring Your Own Service Account (BYOSA) to replace the default ones.

Link to news story: https://www.tech > ar.com/pro/security/what-if-the-ai-a > t-you-just-deployed- was-secretly-wo > ng-against-you-vertex-ai-double-agen > law-exposes-customer-
data-and-googles-internal-code
It is really something that the Conspiracy board is just full of real news stories, where I'd wager once
upon a time this was UFO theories and pothead plots. What a time we now live in. Interesting times, indeed.