A vulnerability in Google Cloud's Dialogflow CX service allowed attackers to gain unauthorized control over conversational agents, manipulate dialogues, and exfiltrate sensitive information. The flaw, termed 'Rogue Agent', was linked to the use of 'Code Blocks' that execute custom Python code within shared Cloud Run environments. Attackers could inject malicious code, compromising user conversations and facilitating phishing attacks.
This critical security breach highlighted the risks associated with shared execution environments and led to the vulnerability being reported in November 2025, with patches rolled out by June 2026.