Vertex AI SDK vulnerability enables remote code execution through bucket squatting
post-secondary, healthcare, finance, energy, general
Unit 42 identified a critical vulnerability in Google’s Vertex AI Python SDK that allows attackers to achieve remote code execution by exploiting bucket squatting tactics during model uploads. The flaw enables cross-tenant attacks, meaning a threat actor could potentially compromise customers’ environments through this supply chain vector.
Why it matters in Western Canada: Organizations in Western Canada using Google Cloud Vertex AI for machine learning workloads—particularly in healthcare, finance, and energy sectors—face elevated risk if they deploy affected SDK versions without patching.
Summary generated from the original advisory. Read the full source: unit42
- Source: https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
- CVEs: None listed
- Tags: vertex-ai, remote-code-execution, supply-chain, google-cloud, bucket-squatting
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)