The Bottom Line: A flaw in Google’s Dialogflow CX allowed unauthorized data access to AI chatbot data until Google remediated the vulnerability.
Varonis reported a security vulnerability in Dialogflow CX to Google that enabled attackers to access chatbot data via a rogue agent instance. Google has since closed the vulnerability; security teams should review their AI infrastructure.
Security firm Varonis discovered a vulnerability in Google Dialogflow CX that allowed the creation of a so-called “rogue agent.” This compromised agent instance could access sensitive data from connected chatbots without the legitimate agent or the actual application being able to prevent it.
Varonis reported the flaw to Google in the second half of 2025, whereupon the company addressed and remediated the vulnerability. However, the flaw underscores a more fundamental security risk: AI systems and their integrated components are often not protected with the same rigor against unauthorized access as traditional applications.
For security teams and CISOs, this means that existing AI infrastructure should be subject to review. In particular, Dialogflow configurations, authentication between agents, and data access control mechanisms should be checked for misconfigurations and unintended privilege escalation possibilities.
Source: www.darkreading.com · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.