Vertex AI Agents Expose Cloud Credentials

On April 1, 2026, Palo Alto Networks' Unit 42 disclosed a critical vulnerability in Google Cloud's Vertex AI Agent Engine that lets attackers exfiltrate credentials and data. The researchers showed that a malicious agent can use Python pickle payloads to retrieve the credentials of the P4SA (Per-Project, Per-Product Service Agent) from the metadata service, enabling cross-project access to GCS, Artifact Registry, and Workspace. Google collaborated on fixes and recommends BYOSA (Bring Your Own Service Account) and least-privilege service accounts.
Scoring Rationale
High-impact, credible disclosure from Unit 42 with Google collaboration. Vulnerability exploits default P4SA permissions across Vertex AI, enabling broad credential exfiltration; concrete BYOSA and least-privilege mitigations make the alert directly actionable.
Sources
- Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access (gbhackers.com)



