PUBLISHED on 31 March 2026, The Hacker News reports that cybersecurity researchers have disclosed a security blind spot in Google Cloud’s Vertex AI platform that could allow an AI agent to be weaponised by an attacker to access sensitive data and compromise cloud environments. According to Palo Alto Networks Unit 42, the issue stems from how Vertex AI’s permission model can be misused when the Per-Project, Per-Product Service Agent (P4SA) is granted excessive default permissions.
The team found that a deployed AI agent built with Vertex AI’s Agent Development Kit had these broad permissions by default, enabling the P4SA credentials to be exfiltrated and used to act on behalf of the service agent.
After deploying the Vertex agent via Agent Engine, any call to the agent exposes the service agent’s credentials and details about the hosting GCP project, the AI agent’s identity, and the scopes of the host machine, allowing an attacker to move from the AI agent’s context into the customer project and read data from Google Cloud Storage buckets.
Unit 42 warned that the compromised credentials could also grant access to restricted, Google-owned Artifact Registry repositories and potentially reveal proprietary container images. Google has since updated its documentation and urged customers to use Bring Your Own Service Account and enforce least privilege, with Unit 42 emphasising that broad default permissions violate the principle of least privilege and pose a dangerous security flaw.