Critical Vulnerability in Google Vertex AI SDK Allowed Cross-Tenant RCE
Importance: 92/100
3 Sources
Why It Matters
This vulnerability underscores significant supply chain risks in AI platforms and highlights the potential for severe data breaches or system compromise across cloud tenants if not properly secured. It emphasizes the critical need for continuous threat modeling and security validation in AI infrastructure.
Key Intelligence
- Unit 42 discovered a critical deserialization vulnerability, dubbed "Pickle in the Middle," in the Google Vertex AI SDK.
- This flaw enabled attackers to hijack legitimate model uploads and achieve cross-tenant Remote Code Execution (RCE) through a "bucket squatting" technique.
- The vulnerability exploited insecure deserialization of Python `pickle` objects, allowing arbitrary code execution when a malicious model was loaded.
- Google has since patched the vulnerability, reinforcing the need for robust security in AI/ML development and deployment pipelines.
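The check a platform team would want against the deserialization issue described above is a guard on model files before `pickle` ever loads them: a static opcode scan that flags any blob able to import or call code, and an allowlisting unpickler for the load itself. This is an added example, not Vertex AI SDK or Unit 42 code; the allowlist, the `CODE_OPCODES` set and the two sample blobs are constructed for illustration.

```python
"""Pickle model-file guard: a static opcode scan (detection) and an
allowlisting unpickler (mitigation). Added example, not Vertex AI SDK code;
the allowlist and the sample blobs are constructed for illustration."""
import io
import os
import pickle
import pickletools

# Opcodes that name an importable object or invoke one. A model file that is
# plain data (dicts, lists, numbers, strings) never needs any of them.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def scan_pickle(data: bytes) -> list:
    """List the code-capable opcodes in a blob without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; any other import request fails
    before the referenced callable is even looked up."""
    ALLOWED = {("builtins", "set"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def restricted_load(data: bytes):
    """Load a blob under the allowlist; raises UnpicklingError otherwise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def verdict(data: bytes) -> str:
    """'ok', or the layer that refused the blob: 'scan' or 'load'."""
    if scan_pickle(data):
        return "scan"
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return "load"
    return "ok"

# Constructed samples: a plain-data "model", and one whose __reduce__ makes
# the loader call an importable function (the harmless os.getcwd stands in).
class _CallsGlobal:
    def __reduce__(self):
        return (os.getcwd, ())

SAFE_BLOB = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3})
HOSTILE_BLOB = pickle.dumps(_CallsGlobal())

if __name__ == "__main__":
    print("safe:", scan_pickle(SAFE_BLOB), verdict(SAFE_BLOB))
    print("hostile:", scan_pickle(HOSTILE_BLOB), verdict(HOSTILE_BLOB))
```

The scan is the layer to run on objects at rest (for example on every upload before it is accepted), while the restricted unpickler is the last line of defence inside the loading process itself.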
Source Coverage
Google News - AI & Models
6/16/2026 | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE - Unit 42
Google News - AI & Models
6/16/2026 | Reachability makes AI threat modeling worth the trust - Help Net Security
Google News - AI & Models
6/16/2026