
Google Vertex AI SDK: Vulnerability Enables Model Hijacking Without Project Access


Bottom line: A vulnerability in the Vertex AI SDK enables model hijacking and code execution in Google’s infrastructure without project authorization.

A vulnerability in the Google Cloud Vertex AI SDK for Python allows attackers to hijack model uploads from another project and execute code in Google’s infrastructure without gaining access to the victim’s project. Palo Alto Networks Unit 42 discovered the flaw and calls the attack method “Pickle in the Middle”.

The security vulnerability in Google’s Vertex AI SDK for Python allows an attacker to intercept a victim’s machine learning model upload and execute code directly in Google’s serving infrastructure – without the attacker needing access to the victim’s project.

The security team Palo Alto Networks Unit 42 discovered the vulnerability and reported it through Google’s bug bounty program. The technique is referred to as “Pickle in the Middle” and rests on the SDK implementation deserializing unvalidated data, which can trigger code execution during model upload.
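The deserialization point above, illustrated as an added example (not code from Unit 42, Google, or the Vertex AI SDK): it assumes the artifact is a plain Python pickle, as the name “Pickle in the Middle” suggests, and shows the two defender-side checks a loader can run before trusting an upload, a static opcode scan and an allowlisted unpickler. The allowlist and both sample artifacts are constructed for the demonstration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that import a name or call a callable while unpickling.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

# Constructed allowlist (assumption): the only importable names the loader
# may resolve. A real loader lists exactly what its model format needs.
ALLOWED = {("collections", "OrderedDict")}


def risky_opcodes(data: bytes) -> list[str]:
    """Static pass over the opcode stream; nothing in the pickle is executed."""
    return [op.name for op, _, _ in pickletools.genops(data) if op.name in CODE_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup that is not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked import {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Tampered:
    """Constructed stand-in for a tampered artifact: its __reduce__ makes the
    unpickler call builtins.len, a harmless callable chosen for the demo."""

    def __reduce__(self):
        return (len, ([],))


CLEAN = pickle.dumps(OrderedDict(weights=[0.1, 0.2]))  # constructed benign artifact
TAMPERED = pickle.dumps(Tampered())                    # constructed tampered artifact


def check(data: bytes) -> tuple[list[str], bool]:
    """Return (code-capable opcodes found, whether the restricted load succeeded)."""
    try:
        safe_load(data)
        loaded = True
    except pickle.UnpicklingError:
        loaded = False
    return risky_opcodes(data), loaded
```

Note that even the benign artifact contains a global lookup and a REDUCE, because ordinary Python objects pickle that way; the opcode scan is for visibility, and only the allowlisted unpickler actually decides what may be loaded.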

According to current findings, there are no indications of exploitation in the wild. The risk lies in the scenario itself: an attacker with minimal resources could gain considerable control over production environments – a classic cloud security scenario for CTOs operating Python-based ML pipelines on Google Cloud.


Source: thehackernews.com · Published June 16, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.7.1.
