BBS: TELESC.NET.BR
Subject: AI 'double agents'
From: Max Stubbs
Date: Mon, 6 Apr 2026 09:58:10 -0700
-----------------------------------------------------------
  Re: AI 'double agents'
  By: Mike Powell to All on Thu Apr 02 2026 10:49 am

 > 'What if the AI agent you just deplo
 > was secretly working against you?':
 > Vertex AI 'double agent' flaw expose
 > customer data and Google's internal
 > code
 >
 > Date:
 > Wed, 01 Apr 2026 15:25:00 +0000
 >
 > Description:
 > Misconfigured AI agents can lead to
 > data disclosure and other risks.
 >
 > FULL STORY
 > Cloud misconfigurations are
 > one of the biggest causes of data
 > leaks, but now we have another form
 > misconfiguration to worry about - AI
 > agents.
 >
 > Unit 42, Palo Alto's cybersecurity ar
 > has revealed new analysis showing ho
 > an AI agent deployed in the Google
 > Cloud Platform (GCP) Vertex AI Agent
 > Engine can be turned into a double
 > agent - doing nefarious work while
 > appearing to serve its intended
 > purpose. Vertex AI is the main AI/ML
 > platform from Google Cloud, where
 > developers can build and deploy mach
 > learning models and generative AI ap
 > The Agent Engine is what turns model
 > into autonomous agents. However, Un
 > 42 notes that if they're not careful
 > with permissions, users can leave th
 > agents vulnerable to takeovers.
 >
 > By exploiting a significant risk in
 > default permission scoping and
 > compromising a single service agent,
 > reveal how the Vertex AI permission
 > model can be misused, leading to
 > unintended consequences, the report
 > states.
 >
 > The researchers first deployed a cus
 > AI agent using Vertex AI's ADK in a
 > controlled environment and then
 > discovered that the agent's default
 > service account (P4SA) had excessive
 > permissions.
 >
 > Then, using a custom-built malicious
 > tool, they were able to extract
 > service agent credentials from the
 > metadata service, and then use those
 > pivot into the consumer project. Thi
 > gave them unrestricted read access t
 > all Cloud Storage data, as well as t
 > producer (Google-managed) environmen
 >
 > This exposed restricted Artifact
 > Registry repositories, allowing the
 > researchers to download private
 > container images, enumerate internal
 > resources and inspected artifacts, a
 > reveal proprietary source code and
 > internal infrastructure details.
 >
 > "Gaining access to this proprietary
 > code not only exposes Google's
 > intellectual property but also provi
 > an attacker with a blueprint to find
 > further vulnerabilities," the
 > researchers explained in the paper.
 >
 > In response, Google updated its
 > documentation, to better explain how
 > Vertex
 > AI uses resources, accounts, and
 > agents. The company is now recommend
 > customers use Bring Your Own Service
 > Account (BYOSA) to replace the defau
 > ones.
 >
 > Link to news story: https://www.tech
 > ar.com/pro/security/what-if-the-ai-a
 > t-you-just-deployed- was-secretly-wo
 > ng-against-you-vertex-ai-double-agen
 > law-exposes-customer-
 > data-and-googles-internal-code
 >
 > $$

It is really something that the Conspiracy board is just full of real news stories, where I'd wager once upon a time this was UFO theories and pothead plots. What a time we now live in. Interesting times, indeed.

--Just Post, World Is A Fuck!--
This Quality Shit-Post Brought To You Via Commodore 64 Ultimate
--- SBBSecho 3.37-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-----------------------------------------------------------