Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google’s Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.

From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.

Security firm Varonis found it

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

What Changes When Your Software Supply Chain Includes AI Writing Your Code? Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply

US holds off blacklisting DeepSeek, more than 100 firms deemed security risks

US holds off blacklisting DeepSeek, more than 100 firms deemed security risks Source: Hacker News