GOOGLE’S Vertex AI has been found to carry an over-privileged problem, with Palo Alto Networks researchers showing how excessive default permissions can let an attacker abuse a deployed AI agent to steal data and access restricted cloud infrastructure. They demonstrated a default Per-Project, Per-Product Service Agent (P4SA) account tied to Vertex AI agents, and how credentials could be used to reach sensitive areas of a customer’s Google Cloud Project and even Google’s internal infrastructure.
Google has since updated its official documentation and urged organisations using Vertex AI to adopt least-privilege access, recommending that Agent Engine users Bring Your Own Service Account (BYOSA) to enforce tighter permissions. The findings underline a broader risk: the same credentials could enable covert, ongoing access beyond the intended AI environment if not properly managed.
The article, published on 31 March 2026, quotes the Palo Alto report and notes Google’s response as a move towards greater awareness and control of agent permissions. according to Palo Alto Networks.