
Google's Vertex AI Default Settings Allow Privilege Escalation Attacks

Vertex AI vulnerabilities allow low-privileged users to hijack Service Agent roles, risking unauthorized access to sensitive Google resources.
Content Team

Security researchers at XM Cyber discovered that Google's Vertex AI contains dangerous default configurations allowing low-privileged users to hijack powerful Service Agent roles. The vulnerability affects two components: the Vertex AI Agent Engine and Ray on Vertex AI.

Attackers can exploit these flaws through "confused deputy" scenarios, starting with minimal read-only permissions but escalating to remote code execution and credential theft. In one attack path, hackers upload malicious code disguised as legitimate tools, then trigger execution to steal Service Agent tokens from instance metadata.

Google dismissed the findings as "working as intended," despite the risks. The Service Agents receive broad project permissions by default, potentially exposing Cloud Storage, BigQuery, and other sensitive resources to unauthorized access.

Source: Cybersecurity News
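As a defensive follow-up to the Service Agent permissions described above, the following Python script inventories which Vertex AI service agents appear in a project IAM policy and which roles they hold beyond their default grant. It is an added example, not code from XM Cyber, Google or the original article; the policy is a constructed sample, and the service agent address pattern and default role naming pattern are assumptions stated in the comments.

```python
import json
import re

# Assumption: Vertex AI service agents are named
# service-<project-number>@gcp-sa-aiplatform[-suffix].iam.gserviceaccount.com
AGENT_RE = re.compile(
    r"^serviceAccount:service-\d+@gcp-sa-aiplatform(-[a-z0-9]+)?"
    r"\.iam\.gserviceaccount\.com$")
# Assumption: default grants are roles named roles/aiplatform.*serviceAgent
DEFAULT_ROLE_RE = re.compile(r"^roles/aiplatform\.[A-Za-z]*[sS]erviceAgent$")

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/aiplatform.serviceAgent",
   "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com"]},
  {"role": "roles/aiplatform.reasoningEngineServiceAgent",
   "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform-re.iam.gserviceaccount.com"]},
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform-re.iam.gserviceaccount.com",
               "user:analyst@example.com"]},
  {"role": "roles/aiplatform.viewer", "members": ["user:analyst@example.com"]}
]}
""")

def audit_vertex_agents(policy):
    """Map each Vertex AI service agent to its default and extra roles."""
    findings = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if not AGENT_RE.match(member):
                continue  # users, groups and other service accounts
            entry = findings.setdefault(member, {"default": [], "extra": []})
            kind = "default" if DEFAULT_ROLE_RE.match(role) else "extra"
            entry[kind].append(role)
    return findings

if __name__ == "__main__":
    for agent, roles in sorted(audit_vertex_agents(SAMPLE_POLICY).items()):
        status = "REVIEW" if roles["extra"] else "default-only"
        print(f"[{status}] {agent}")
        for role in roles["default"]:
            print(f"    default grant: {role}")
        for role in roles["extra"]:
            print(f"    extra grant:   {role}")
```

Agents reported as default-only still hold the broad default permissions the article describes, so the output is an inventory to review, not a clean bill of health.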
