Vulnerability Management

Google Cloud Dialogflow CX vulnerability allowed AI agent hijacking

Google Cloud sign is displayed at Google campus in Silicon Valley - Sunnyvale, California, USA - November, 2019

Google Cloud's Dialogflow CX platform has been found to have critical vulnerabilities that could allow threat actors to hijack AI agents, access chat logs, and steal credentials, with further coverage provided by Tech Radar.

Security researchers at Varonis discovered flaws in Google Cloud's Dialogflow CX, a platform used for building chatbots. The vulnerability allowed attackers with basic permissions to inject malicious code into custom Python snippets, known as Code Blocks, within conversation playbooks. These blocks executed in a shared Cloud Run environment with excessive privileges and a writable filesystem, enabling attackers to overwrite key files, exfiltrate chat logs, and steal credentials. Because the Cloud Run environment was shared across all agents in a project, a single compromised agent could potentially control all others. The attack was also nearly undetectable through Cloud Logging.

Google patched the vulnerability between April and June 2026. Researchers advise users to review audit logs for suspicious activity and manually inspect Code Blocks for unauthorized code.

Source: Tech Radar

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds