Recent findings reveal new security flaws in Google’s Vertex AI that could put organizations at risk. These vulnerabilities involve how permissions are assigned to AI service accounts, which may allow low-level users to gain access to high-privilege roles. Security experts warn that these issues highlight a growing problem with managing AI service identities and their default configurations.

Privilege Escalation in Google Vertex AI

XM Cyber uncovered two significant issues with Vertex AI last Thursday. The main problem is that default settings grant low-privileged users the ability to escalate their access. They can potentially hijack service accounts that normally have broad permissions, turning these invisible identities into tools for privilege escalation. When the vulnerabilities were disclosed, Google responded by saying that the system is working as intended, which has raised concerns among security professionals.

This situation is reminiscent of past incidents where major cloud providers dismissed similar security challenges. Vendors often claim that such configurations are ‘by design,’ shifting responsibility away from their defaults. Experts believe this mindset creates a false sense of security, leaving organizations vulnerable to insider threats and misconfigurations.

Why Service Accounts Pose a Risk

At the core of the issue are Google’s Service Agents, which are special accounts created to allow services to access resources and perform internal operations. These accounts are essential for the platform to work smoothly. However, because they are automatically granted broad, project-wide permissions, they can become targets for malicious actors or careless insiders.

XM Cyber explains that attackers with minimal permissions—such as a user with only viewing rights—could potentially manipulate the system to access the service account’s tokens. Once they have these tokens, they can leverage the high-level permissions of the service accounts to move laterally within the environment or access sensitive data. This kind of privilege escalation can be difficult to detect and prevent, especially if default configurations are left unchanged.

Security experts emphasize that cloud providers need to do more than just state that their systems are working as intended. Organizations should not assume that managed services are automatically secure. Instead, they must actively audit and restrict identities and permissions associated with AI workloads to reduce the risk of insider threats or accidental misuse.

Implications for Enterprise Security

The vulnerabilities in Vertex AI highlight a broader challenge in cloud security: trusting managed services to be secure by default can be dangerous. When service identities carry sweeping permissions without proper oversight, it creates a blind spot for security teams. This is especially concerning in AI environments, where the complexity and automation can obscure suspicious activity.

Sanchit Vir Gogia, a chief analyst at Greyhound Research, points out that the trust model behind platforms like Vertex AI is misaligned with enterprise security principles. Managed service agents are designed for convenience, but this often comes at the expense of visibility and control. As a result, organizations need to implement their own controls and regularly audit service identities to catch potential misuse before it leads to a breach.

While Google and other cloud providers may insist their defaults are secure enough, experts warn that relying solely on vendor configurations is risky. Instead, organizations should adopt a layered security approach—restricting permissions, monitoring activity, and verifying configurations regularly. Only then can they truly protect their AI workloads from internal and external threats.

Inspired by

• https://www.infoworld.com/article/4118094/google-vertex-ai-security-permissions-could-amplify-insider-threats-2.html

Sources

• unsplash.com
• rockcyber.com
• orca.security
• aquasec.com
• greyhoundresearch.com