Daily cloud and web hosting news coverage by HostingDiscussion.com

Security Flaw in Google Cloud’s Document AI Leaves Data Vulnerable, Expert Warns

A security flaw in Google Cloud’s Document AI service may leave sensitive data in Cloud Storage buckets vulnerable to theft, according to Kat Traxler, a principal security researcher at Vectra AI. Despite Google awarding a $3,133.70 bug bounty for the discovery, the tech giant has yet to fully resolve the issue, raising concerns over data security.

Traxler first identified the vulnerability in April 2024 and demonstrated how overly broad permissions in Document AI’s batch processing mode could allow attackers to bypass access controls. The flaw enables malicious actors to exfiltrate data from Google Cloud Storage to another location, potentially compromising sensitive information. Though Google initially labeled the issue as “fixed” in June, Traxler disputes this claim, stating the misconfiguration still poses a threat.

In response, Traxler presented a proof-of-concept (POC) showing how she exploited the permissions assigned to Document AI’s service agent to extract and alter a PDF file stored in a Cloud Storage bucket. Despite Google’s assertions, Traxler maintains the problem persists, allowing attackers to exploit Document AI’s pre-set permissions to access restricted data.

The ongoing issue underscores the need for improved security measures in cloud-based services, especially as organizations increasingly rely on AI-driven solutions to handle sensitive information.

Share this post

Supporters

Dedicated Servers

Enterprise Dedicated Servers - Intel/AMD EPYC & RYZEN - 100% Uptime 24/7 Support

Save 37% Off Plesk License

Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!

Up to 30% Off on KVM VPS

Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.

.CA Domain for only C$10.99

Get a .CA domain, with domain privacy, full DNS record control, domain forwarding, excellent support.

Web Design and SEO

Premium professional WordPress sites that will not break your wallet. Optimized for SEO to drive traffic.

Interviews

Members Recently Online

Menu