Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working as intended. Service Agents are managed identities that Google Cloud attaches to Vertex AI instances
The post Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles appeared first on Cyber Security News. Read More
Posted inNews