Signal criticality: High
What happened: Dark Reading published "Google's Vertex AI Is Over-Privileged. That's a Problem". Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure. The report describes a concrete compromise, exposure, or abuse pattern with direct defensive implications. The practical question is what permissions, connected data, or follow-on actions this signal can influence in a real deployed workflow.
Key takeaways:
Original source: https://www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
Signal criticality: High
What happened: SecurityWeek published "In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware". Other noteworthy stories that might have slipped under the radar: a Symantec vulnerability, an anti-ClickFix mechanism added to macOS, and an FBI hack classified as a major incident. The report describes a concrete compromise, exposure, or abuse pattern with direct defensive implications. The practical question is what permissions, connected data, or follow-on actions this signal can influence in a real deployed workflow.
Key takeaways:
Original source: https://www.securityweek.com/in-other-news-chatgpt-data-leak-android-rootkit-water-facility-hit-by-ransomware/
Signal criticality: High
What happened: Unit 42 published "Double Agents: Exposing Security Blind Spots in GCP Vertex AI" (by Ofir Shaty, published March 31, 2026; categories: Malware, Threat Research; tags: Agentic AI, Data exfiltration, GCP, Google Cloud, Google Cloud Storage, JSON, LLM, Privilege escalation, Vertex AI). From the executive summary: artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks.
Key takeaways:
Original source: https://unit42.paloaltonetworks.com/double-agents-vertex-ai/
Signal criticality: High
What happened: Help Net Security reported "APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance". APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coincides with a 200% increase in web traffic since the March 24 LiteLLM supply chain attack that compromised an estimated 36% of all cloud environments. LiteLLM was the victim of a supply chain attack in which the threat actor group TeamPCP compromised the most widely used open-source LLM proxy in the Python ecosystem through a cascading breach of Aqua Security's Trivy vulnerability scanner.
Key takeaways:
Original source: https://www.helpnetsecurity.com/2026/04/03/aperion-smartflow-sdk-ai-governance/
The strongest signal today is that AI security is being decided in the surrounding control layer — permissions, connectors, deterministic workflow design, response speed, and the infrastructure that still underpins trust. That is a more durable framing than generic agent hype, and it is the one worth carrying forward.