Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts - The Hacker News

A vulnerability in Google Cloud's Vertex AI platform allowed for the misuse of the Per-Project, Per-Product Service Agent (P4SA) due to excessive default permissions. This flaw enabled attackers to exfiltrate service agent credentials, gaining unauthorized read access to customer Google Cloud Storage data and proprietary container images from Google's internal Artifact Registry.