Cortex Cloud Security Research

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

We discovered a vulnerability in the Google Cloud Vertex AI software development kit (SDK) for Python, and responsibly disclosed it to Google. Before Google’s fix, the vulnerability would have allowed an attacker operating entirely from their own Google Cloud project to hijack a victim's model upload and poison it. By exploiting...

Jun 16, 2026