Experts say they were able to create a rogue agent in Google’s AI platform with just a single edit permission
- Varonis uncovered CVE‑level flaws in Google Cloud Dialogflow CX, where malicious Code Blocks in Playbooks could hijack agents, exfiltrate chat logs, and steal credentials
- Shared Cloud Run environment with excess privileges meant one compromised agent could control all others in a project, with attacks virtually undetectable in Cloud Logging
- Google patched the issue between April–June 2026; researchers advise reviewing audit logs, checking anomalous errors, and manually inspecting Code Blocks for unauthorized code
Researchers recently found a critical vulnerability in Google Cloud’s Dialogflow CX, allowing threat actors to take over different AI agents, access chat logs, and even exfiltrate sensitive data such as login credentials.
Dialogflow CX is Google Cloud’s conversational AI platformused to build many voice and text chatbots. This platform lets developers add Code Blocks, which are custom Python snippets, into conversation “Playbooks”. These blocks all execute inside a single Google-managed Cloud Run service, shared across all agents...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE