Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
5 Articles
Google Cloud Vertex AI Allows Attacker to Hijack Victim's Model and Poison it
A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python SDK (google-cloud-aiplatform) and stems from a combination of predictable cloud storage bucket naming and missing ownership validation. Unit42 researchers confi…
Google’s Vertex AI SDK could allow RCE through bucket squatting
A design flaw in the Vertex AI software development kit (SDK) for Python, Google Cloud’s managed platform for building, training, and deploying AI agents, could allow hijacking and poisoning of models outside of a developer’s own Google Cloud project. According to Unit 42 researchers, a combination of bad bucket naming logic and missing authentication made it possible for an attacker to hijack the victim’s project by just knowing their project I…
A vulnerability in the Google Vertex AI SDK allows attackers to preemptively hijack model uploads via a storage bucket.
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild.