Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A critical flaw in Google Dialogflow CX, dubbed Rogue Agent by Varonis, could have let an attacker with edit rights on one Code Block-enabled agent compromise other agents in the same Google Cloud project. Google fixed the issue, and there is no sign it was used in a real attack. #DialogflowCX #RogueAgent #Varonis #GoogleCloud

Keypoints

  • A flaw in Dialogflow CX could expose all Code Block-enabled agents in one Google Cloud project.
  • An attacker with dialogflow.playbooks.update permission could read conversations and send forged bot messages.
  • Varonis named the issue Rogue Agent and reported it through Google’s Vulnerability Reward Program.
  • The shared Code Block runtime allowed file overwrite, unrestricted outbound internet access, and IMDS exposure.
  • Google fixed the flaw, with no evidence of real-world exploitation.

Read More: https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html