Unit 42 researchers disclose RCE vulnerability in Google Vertex AI SDK via bucket-squatting attack

Unit 42 researchers discovered a design flaw in Google's Vertex AI Python SDK where flawed bucket naming logic and missing authentication could allow attackers to hijack and poison AI models outside a developer's Google Cloud project, according to CSO Online. The vulnerability enables remote code execution and model poisoning attacks without authorization.
