Google Cloud Vertex AI Agents Exploited Due to Excessive Default Permissions

The vulnerability involves AI agents within the Vertex AI platform, which qualifies as AI systems. The exploitation of default permission scoping to weaponize these AI agents directly leads to harm by enabling unauthorized data access and infrastructure compromise, which fits the criteria of an AI Incident under harm to property and critical infrastructure disruption. Therefore, this event is classified as an AI Incident.

The event involves an AI system (Vertex AI agents) whose misconfiguration and excessive default permissions allowed attackers to hijack the AI agents ('double agents') and gain unauthorized access to sensitive data and proprietary code. This directly led to harm in the form of data exposure and intellectual property theft, fulfilling the criteria for an AI Incident. The involvement is through the AI system's use and misconfiguration, causing direct harm. The company's response is complementary information but does not negate the incident classification.

The article explicitly involves an AI system (Google's Vertex AI agents) whose default configuration grants excessive permissions. This has been exploited by attackers to gain unauthorized access to sensitive data and internal systems, constituting harm to property and organizational security. The AI system's use and configuration directly led to these harms, fulfilling the criteria for an AI Incident. The event is not merely a potential risk or a governance update but describes realized harm through exploitation of the AI system's permissions.

The article explicitly involves an AI system (Vertex AI agents) whose deployment and misconfiguration led to unauthorized access to sensitive data and proprietary code, which constitutes harm to property and intellectual property rights. The AI agent was weaponized to act as a 'double agent,' directly causing security breaches. The researchers' findings and the subsequent collaboration with Google to mitigate these risks confirm that harm has occurred and that the AI system's malfunction or misuse was pivotal. Hence, this event meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Google Cloud's Vertex AI Agent Engine) whose default permissions and deployment configuration have been exploited to cause direct harm, including unauthorized data access and potential persistent backdoors. This fits the definition of an AI Incident because the AI system's use and configuration directly led to harm to property and infrastructure (cloud data and systems). The involvement of AI agents and their permissions is explicit, and the harm is realized, not just potential. Therefore, this is classified as an AI Incident.