Vertex AI agents flagged as insider risk

A report warned that autonomous agents on Google Cloud Vertex AI can become insider threats if permissions and service accounts are poorly managed, prompting Google to update guidance and documentation. Recommended mitigations include least‑privilege service accounts, custom credentials per agent and restricted OAuth scopes to limit unintended lateral access. (infotechlead.com)

An artificial intelligence agent on Google Cloud can act like an insider if it is deployed with broad permissions and a shared service account. (unit42.paloaltonetworks.com)

Palo Alto Networks’ Unit 42 said in a report published in early April 2026 that a compromised agent in Vertex AI Agent Engine could use default permission scoping and one service agent to move across a Google Cloud environment. Google updated Vertex AI documentation after responsible disclosure, according to Unit 42 and Google’s docs. (unit42.paloaltonetworks.com) (cloud.google.com)

Vertex AI Agent Engine is Google Cloud’s system for running software agents that can call tools, use application programming interfaces, and take actions with some autonomy. Google’s documentation says deployed agents run with a service account identity, and that identity carries the roles that determine what the agent can reach. (cloud.google.com 1) (cloud.google.com 2)

The risk is not that the model “thinks” like a rogue employee. The risk is that the agent inherits machine credentials, and those credentials can open storage, databases, or other internal services if administrators granted too much access. (unit42.paloaltonetworks.com) (cloud.google.com)

Google’s updated guidance now points customers toward tighter identity controls. Recent Vertex AI and Agent Engine documentation tells developers to use custom service accounts, review the roles attached to an agent identity, and avoid relying on broad default access when finer controls are needed. (cloud.google.com 1) (cloud.google.com 2) (cloud.google.com 3)

Unit 42 recommended three concrete steps: least-privilege service accounts, separate credentials for each agent, and restricted OAuth scopes so one agent cannot quietly reach unrelated systems. The firm framed the problem as a cloud identity issue that becomes more dangerous when agents can act without a human approving each step. (unit42.paloaltonetworks.com) (infotechlead.com)

Google has also started adding detection tooling around agent behavior. Security Command Center documentation published in April 2026 describes Agent Engine threat detection for suspicious token generation, excessive permission denials, and data exfiltration attempts tied to Vertex AI agents. (cloud.google.com 1) (cloud.google.com 2)

This is not the first Vertex AI security warning from Unit 42. In late 2024, the firm disclosed research on privilege escalation through custom jobs and model exfiltration from poisoned deployments, both aimed at the same pattern: machine identities with too much reach. (unit42.paloaltonetworks.com)

The practical change for companies building agents on Google Cloud is simple and tedious at the same time: treat each agent like a new employee account, not a background automation script. The more authority an agent gets, the more carefully its identity, roles, and logs have to be fenced in. (cloud.google.com) (unit42.paloaltonetworks.com)
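The three steps Unit 42 recommended can be checked mechanically. As an added example (not code from Unit 42, Google or the original article), this Python script audits an agent inventory and IAM bindings for shared service accounts, broad roles and the broad `cloud-platform` OAuth scope. The agent names, project and service accounts are constructed, and treating any role ending in "admin" as broad is a heuristic assumption.

```python
from collections import defaultdict

BASIC_ROLES = {"roles/owner", "roles/editor"}  # basic roles with project-wide reach
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"  # full-API OAuth scope
READ_SCOPE = "https://www.googleapis.com/auth/devstorage.read_only"
SHARED = "shared-agents@example-project.iam.gserviceaccount.com"  # hypothetical
DOCS = "docs-bot@example-project.iam.gserviceaccount.com"  # hypothetical

# Constructed inventory: which identity and OAuth scopes each agent runs with.
AGENTS = [
    {"agent": "support-bot", "service_account": SHARED, "scopes": [BROAD_SCOPE]},
    {"agent": "billing-bot", "service_account": SHARED, "scopes": [READ_SCOPE]},
    {"agent": "docs-bot", "service_account": DOCS, "scopes": [READ_SCOPE]},
]
# Constructed bindings, in the shape of an IAM policy's "bindings" list.
BINDINGS = [
    {"role": "roles/editor", "members": [f"serviceAccount:{SHARED}"]},
    {"role": "roles/storage.admin", "members": [f"serviceAccount:{SHARED}"]},
    {"role": "roles/storage.objectViewer", "members": [f"serviceAccount:{DOCS}"]},
]

def is_broad(role):
    # Assumption: basic roles and any "*admin" role exceed least privilege for an agent.
    return role in BASIC_ROLES or role.lower().endswith("admin")

def roles_for(service_account, bindings):
    member = f"serviceAccount:{service_account}"
    return {b["role"] for b in bindings if member in b["members"]}

def audit(agents, bindings):
    """Return (agent, finding) tuples for each of the three mitigations violated."""
    by_sa = defaultdict(list)
    for a in agents:
        by_sa[a["service_account"]].append(a["agent"])
    findings = []
    for a in agents:
        sa = a["service_account"]
        if len(by_sa[sa]) > 1:  # credentials are not separate per agent
            findings.append((a["agent"], "shared-service-account"))
        for role in sorted(roles_for(sa, bindings)):
            if is_broad(role):  # identity is not least-privilege
                findings.append((a["agent"], f"broad-role:{role}"))
        if BROAD_SCOPE in a["scopes"]:  # OAuth scope is not restricted
            findings.append((a["agent"], "broad-oauth-scope"))
    return findings

if __name__ == "__main__":
    for agent, finding in audit(AGENTS, BINDINGS):
        print(f"{agent}: {finding}")
```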
