Google Cloud's Dialogflow CX platform has been found to have critical vulnerabilities that could allow threat actors to hijack AI agents, access chat logs, and steal credentials, with further coverage provided by Tech Radar.Security researchers at Varonis discovered flaws in Google Cloud's Dialogflow CX, a platform used for building chatbots. The vulnerability allowed attackers with basic permissions to inject malicious code into custom Python snippets, known as Code Blocks, within conversation playbooks. These blocks executed in a shared Cloud Run environment with excessive privileges and a writable filesystem, enabling attackers to overwrite key files, exfiltrate chat logs, and steal credentials. Because the Cloud Run environment was shared across all agents in a project, a single compromised agent could potentially control all others. The attack was also nearly undetectable through Cloud Logging.Google patched the vulnerability between April and June 2026. Researchers advise users to review audit logs for suspicious activity and manually inspect Code Blocks for unauthorized code.Source: Tech Radar
Vulnerability Management
Google Cloud Dialogflow CX vulnerability allowed AI agent hijacking

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



