Security · 3h ago
Dialogflow CX Flaw Let Attackers Hijack Google Cloud Chatbots
A critical flaw in Google's Dialogflow CX allowed attackers with edit rights on one agent to compromise other agents in the same Google Cloud project. Attackers could read live conversations, steal user data, and make bots send malicious messages. Security firm Varonis discovered the vulnerability, which has since been patched by Google.
Meridian48 take
The flaw highlights the risks of shared cloud environments, where a single compromised agent can cascade into a broader breach.
Read the full reporting
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots →
The Hacker News
google-cloudchatbot-security