Varonis uncovered a critical flaw in Google Cloud Dialogflow CX, dubbed Rogue Agent, that could let attackers silently control agents, alter conversations, and steal sensitive information. The issue affected Code Blocks running in shared Cloud Run environments and was patched by Google Cloud after disclosure. #DialogflowCX #RogueAgent #GoogleCloud #CloudRun
Keypoints
- Dialogflow CX Code Blocks could be abused to gain control over agent behavior.
- Multiple agents in the same GCP project shared the same Cloud Run execution environment.
- An attacker could overwrite a key file and run malicious Python code through exec().
- The flaw could expose conversations, hijack sessions, and inject phishing prompts.
- Varonis also found a way to bypass VPC Service Controls and target IMDS for access tokens.
Read More: https://www.securityweek.com/google-dialogflow-cx-bug-allowed-attackers-to-hijack-ai-conversations/