• Home
• Technology

Researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, have identified a critical security flaw in the Vertex AI Agent Engine within the Google Cloud Platform (GCP). The vulnerability demonstrates how a deployed AI agent can be compromised to act as a "backdoor," gaining unauthorized access to broader resources within the client's environment. By exploiting overly permissive default scopes in the "Service Agent per-project per-product" (P4SA) account, researchers achieved unrestricted read access to Google Cloud Storage buckets and private Artifact Registry repositories.

The analysis revealed that static OAuth 2.0 scopes, which are non-configurable by default, create a significant security blind spot. This weakness could potentially allow an attacker to pivot and access integrated Google Workspace services, including Gmail and Drive. Following a responsible disclosure, Google has collaborated with Unit 42 to update its documentation and now strongly recommends that organizations adopt "Custom Service Accounts" to enforce the Principle of Least Privilege (PoLP) and mitigate the risks associated with broad default permissions.