Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
July 7, 2026
Google recently fixed a vulnerability that would have enabled an attacker to seize data from AI agents and chatbots built with one of Google's flagship AI tools.
Varonis researchers this week disclosed "Rogue Agent," a permission boundary issue in Google Cloud Platform's Dialogflow CX AI platform that Varonis Threat Labs describes as a "critical vulnerability." According to a research blog post, Rogue Agent would have "allowed attackers to exploit the Code Blocks feature to inject persistent malicious code into the Dialogflow agents' pipeline, silently exfiltrating conversations and conducting large-scale phishing campaigns."
Exploitation required updating only a single permission — dialogflow.playbooks.update — on one Dialogflow agent to exploit.








