Cloud Risk Spotlight: Vertex AI Agents Expose Permission Gaps

A blue and white logo (Photo by Growtika on Unsplash)

Summary
  • Unit 42 found permission chains in Vertex AI Agent Engine
  • Agents could extract credentials and access cloud storage and configs
  • Google updated Vertex AI documentation after responsible disclosure
  • Recommended mitigations include least privilege and dedicated service accounts

Palo Alto Networks Unit 42 has identified a chain of security risks in Google Cloud's Vertex AI platform that can allow autonomous agents to gain broader access than intended.

The research focused on Vertex AI Agent Engine, a platform used to build and deploy autonomous AI agents that interact with enterprise systems and data, and found that service accounts tied to deployed agents were granted overly broad permissions.

Unit 42 showed how a seemingly legitimate agent could extract its own credentials and then use them to access cloud storage, retrieve deployment configurations, and view restricted internal components supporting the AI platform, effectively acting as a double agent.

The researchers emphasized that the issue was not a single software flaw, but a chain of misconfigurations and design gaps that together expanded agent access, and that such over-permissioned agents can act like trusted insiders rather than external attackers.

After responsible disclosure by Unit 42, Google updated its documentation to clarify how Vertex AI uses service accounts and permissions, a move noted by the researchers as part of the immediate industry response.

Implications, Mitigation, and Broader Identity Focus

Security coverage of cloud identity stresses that identity has become the new perimeter, and organizations must manage identities for employees, customers, partners, and applications across hybrid and multi-cloud setups.

That coverage recommends established practices such as multi-factor authentication, single sign-on, privileged access management, and identity governance, along with Zero Trust principles and continuous monitoring of user behavior.

Unit 42 and the identity coverage converge on common mitigations: enforcing least-privilege access, using dedicated custom service accounts (the Bring Your Own Service Account approach), validating permission boundaries, and restricting OAuth scopes to curb unnecessary access.
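
As an added illustration of validating those permission boundaries (not code from Unit 42 or Google), the Python example below audits a constructed project IAM policy and a hypothetical agent inventory for three of the gaps named above: a non-dedicated service account, a broad role, and an unrestricted OAuth scope. The inventory record shape, the account names and the `CUSTOM_SA` heuristic are assumptions.

```python
import re

# Constructed sample data (not from the article): a project IAM policy in the
# shape returned by getIamPolicy, and a hypothetical agent inventory record.
POLICY = {"bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456-compute@developer.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:support-agent@example-proj.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:support-agent@example-proj.iam.gserviceaccount.com"]},
]}
AGENTS = [
    {"name": "billing-agent",
     "service_account": "123456-compute@developer.gserviceaccount.com",
     "scopes": ["https://www.googleapis.com/auth/cloud-platform"]},
    {"name": "support-agent",
     "service_account": "support-agent@example-proj.iam.gserviceaccount.com",
     "scopes": ["https://www.googleapis.com/auth/devstorage.read_only"]},
]

BASIC_ROLES = {"roles/owner", "roles/editor"}
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"
# Assumption: a dedicated (custom) account is user-managed in the project's own
# *.iam.gserviceaccount.com domain; default and Google-managed agents are not.
CUSTOM_SA = re.compile(
    r"^[a-z][a-z0-9-]+@(?!gcp-sa-)[a-z0-9-]+\.iam\.gserviceaccount\.com$")

def roles_for(policy, sa):
    """Roles bound directly to the service account (conditions are ignored)."""
    member = f"serviceAccount:{sa}"
    return sorted(b["role"] for b in policy["bindings"] if member in b["members"])

def audit_agent(agent, policy):
    """Return the list of least-privilege findings for one agent record."""
    findings = []
    sa = agent["service_account"]
    if not CUSTOM_SA.match(sa):
        findings.append("not-dedicated-service-account")
    for role in roles_for(policy, sa):
        # Basic roles and *admin roles grant far more than one agent needs.
        if role in BASIC_ROLES or role.lower().endswith("admin"):
            findings.append(f"broad-role:{role}")
    if BROAD_SCOPE in agent["scopes"]:
        findings.append("unrestricted-oauth-scope")
    return findings

def audit_all(agents, policy):
    return {a["name"]: audit_agent(a, policy) for a in agents}

if __name__ == "__main__":
    for name, findings in audit_all(AGENTS, POLICY).items():
        print(name, findings or "ok")
```

In practice the policy would be exported from the project and the check extended to folder- and organization-level bindings, which this example does not inspect.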

The Palo Alto writeup also listed vendor tools that can assist, naming Prisma AIRS, Cortex AI-SPM, and Cortex Cloud Identity Security as solutions to help address emerging AI security gaps.

Separately, a notice of an industry move shows OpenText and S3NS partnering to deliver European sovereign cloud solutions with Google Cloud, though the source content was protected and offered no further publicly available details.