Researchers at Palo Alto Networks demonstrated how AI agents built on Google Cloud's Vertex AI can be weaponized to exfiltrate data, create backdoors, and compromise infrastructure. They showed that the Per-Project, Per-Product Service Agent (P4SA) has excessive default permissions that attackers can abuse to move from an agent's execution context into the owner's Google Cloud project and storage.
Key points
- Palo Alto Networks weaponized Vertex AI agents to demonstrate real-world attack chains.
- The research targeted the Vertex Agent Engine and the Agent Development Kit (ADK).
- They found the Per-Project, Per-Product Service Agent (P4SA) granted excessive default permissions.
- Compromised P4SA credentials could expose private container images, Artifact Registry repositories, and Cloud Storage buckets.
- Google updated its documentation, recommends BYOSA (Bring Your Own Service Account) and least-privilege execution, and stresses controls to protect production images.