Bucket-Squatting | GRID THE GREY

LIVE FEED

FIRST LOOK First Look: AI Agent Identity Continuity Expands Persistent Credential Abuse Surface // FIRST LOOK First Look: Dual-Use AI Exploit Models Create Unavoidable Offensive Capability … // FIRST LOOK First Look: Gemini Omni Deep OS Integration Expands Ambient AI Attack Surface on Android … // FIRST LOOK First Look: NVIDIA XR AI Embeds Persistent Agents Into Physical-World Sensor Streams // HIGH Bucket Squatting Flaw in Vertex AI SDK Enabled Model Hijack and RCE // CRITICAL China-Linked Group Suspected of Accessing Anthropic's Restricted Mythos Model // FIRST LOOK First Look: Amazon Bedrock AgentCore RAG Agent Exposes Multi-Layer Injection and Data … // FIRST LOOK First Look: AWS Agent-EvalKit Embeds LLM Judges Into Dev Pipelines, Expanding Adversarial … // FIRST LOOK First Look: Amazon Quick's Agentic Incident Triage Assistant Bridges Observability Data … // HIGH Brazilian Government LLM Exposed as Unauthorised Merge of Third-Party Models //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks First Look: Security Model Theft Data Poisoning

Bucket Squatting Flaw in Vertex AI SDK Enabled Model Hijack and RCE

ATLAS OWASP HIGH The Hacker News Jun 17, 2026 ▲ 8.5

Bucket Squatting Flaw in Vertex AI SDK Enabled Model Hijack and RCE

A vulnerability in the Google Cloud Vertex AI Python SDK allowed unauthenticated attackers to intercept model uploads by pre-registering predictable staging bucket names — a technique Unit 42 calls …

AML.T0010 - ML Supply Chain Compromise AML.T0018 - Backdoor ML Model AML.T0031 - Erode ML Model Integrity