{"id":4540,"date":"2024-09-18T19:47:30","date_gmt":"2024-09-18T23:47:30","guid":{"rendered":"https:\/\/hostingdiscussion.com\/news\/?p=4540"},"modified":"2024-09-18T19:47:30","modified_gmt":"2024-09-18T23:47:30","slug":"security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns","status":"publish","type":"post","link":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/","title":{"rendered":"Security Flaw in Google Cloud&#8217;s Document AI Leaves Data Vulnerable, Expert Warns"},"content":{"rendered":"<div class=\"flex-1 overflow-hidden\">\n<div class=\"h-full\">\n<div class=\"react-scroll-to-bottom--css-juztu-79elbk h-full\">\n<div class=\"react-scroll-to-bottom--css-juztu-1n7m0yu\">\n<div class=\"flex flex-col text-sm md:pb-9\">\n<article class=\"w-full text-token-text-primary focus-visible:outline-2 focus-visible:outline-offset-[-4px]\" dir=\"auto\" data-testid=\"conversation-turn-213\" data-scroll-anchor=\"true\">\n<div class=\"text-base py-[18px] px-3 md:px-4 m-auto w-full md:px-5 lg:px-4 xl:px-5\">\n<div class=\"mx-auto flex flex-1 gap-4 text-base md:gap-5 lg:gap-6 md:max-w-3xl lg:max-w-[40rem] xl:max-w-[48rem]\">\n<div class=\"flex-shrink-0 flex flex-col relative items-end\">\n<div class=\"pt-0\">\n<div class=\"gizmo-shadow-stroke flex h-8 w-8 items-center justify-center overflow-hidden rounded-full\">\n<div class=\"h-full w-full\">\n<div class=\"gizmo-shadow-stroke overflow-hidden rounded-full\">\n<p>A security flaw in Google Cloud\u2019s Document AI service may leave sensitive data in Cloud Storage buckets vulnerable to theft, according to Kat Traxler, a principal security researcher at Vectra AI. Despite Google awarding a $3,133.70 bug bounty for the discovery, the tech giant has yet to fully resolve the issue, raising concerns over data security.<\/p>\n<p>Traxler first identified the vulnerability in April 2024 and demonstrated how overly broad permissions in Document AI\u2019s batch processing mode could allow attackers to bypass access controls. The flaw enables malicious actors to exfiltrate data from Google Cloud Storage to another location, potentially compromising sensitive information. Though Google initially labeled the issue as &#8220;fixed&#8221; in June, Traxler disputes this claim, stating the misconfiguration still poses a threat.<\/p>\n<p>In response, Traxler presented a proof-of-concept (POC) showing how she exploited the permissions assigned to Document AI\u2019s service agent to extract and alter a PDF file stored in a Cloud Storage bucket. Despite Google\u2019s assertions, Traxler maintains the problem persists, allowing attackers to exploit Document AI&#8217;s pre-set permissions to access restricted data.<\/p>\n<p>The ongoing issue underscores the need for improved security measures in cloud-based services, especially as organizations increasingly rely on AI-driven solutions to handle sensitive information.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A security flaw in Google Cloud\u2019s Document AI service may leave sensitive data in Cloud Storage buckets vulnerable to theft, according to Kat Traxler, a principal security researcher at Vectra AI. Despite Google awarding a $3,133.70 bug bounty for the discovery, the tech giant has yet to fully resolve the issue, raising concerns over data [&hellip;]<\/p>\n","protected":false},"author":20624,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[682,2319,1793,2320,2318],"class_list":["post-4540","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-data-security","tag-document-ai","tag-google-cloud","tag-kat-traxler","tag-vectra-ai"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Flaw in Google Cloud&#039;s Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Flaw in Google Cloud&#039;s Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News\" \/>\n<meta property=\"og:description\" content=\"A security flaw in Google Cloud\u2019s Document AI service may leave sensitive data in Cloud Storage buckets vulnerable to theft, according to Kat Traxler, a principal security researcher at Vectra AI. Despite Google awarding a $3,133.70 bug bounty for the discovery, the tech giant has yet to fully resolve the issue, raising concerns over data [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-18T23:47:30+00:00\" \/>\n<meta name=\"author\" content=\"Justine Juyad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justine Juyad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/\",\"name\":\"Security Flaw in Google Cloud's Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News\",\"isPartOf\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\"},\"datePublished\":\"2024-09-18T23:47:30+00:00\",\"dateModified\":\"2024-09-18T23:47:30+00:00\",\"author\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\"},\"breadcrumb\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hostingdiscussion.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Flaw in Google Cloud&#8217;s Document AI Leaves Data Vulnerable, Expert Warns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/\",\"name\":\"Web Hosting News\",\"description\":\"Cloud and web hosting industry daily news\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\",\"name\":\"Justine Juyad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"caption\":\"Justine Juyad\"},\"description\":\"HostingDiscussion.com senior reporter\",\"sameAs\":[\"https:\/\/hostingdiscussion.com\/news\/\"],\"url\":\"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Flaw in Google Cloud's Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/","og_locale":"en_US","og_type":"article","og_title":"Security Flaw in Google Cloud's Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News","og_description":"A security flaw in Google Cloud\u2019s Document AI service may leave sensitive data in Cloud Storage buckets vulnerable to theft, according to Kat Traxler, a principal security researcher at Vectra AI. Despite Google awarding a $3,133.70 bug bounty for the discovery, the tech giant has yet to fully resolve the issue, raising concerns over data [&hellip;]","og_url":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/","og_site_name":"Web Hosting News","article_published_time":"2024-09-18T23:47:30+00:00","author":"Justine Juyad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Justine Juyad","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/","url":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/","name":"Security Flaw in Google Cloud's Document AI Leaves Data Vulnerable, Expert Warns - Web Hosting News","isPartOf":{"@id":"https:\/\/hostingdiscussion.com\/news\/#website"},"datePublished":"2024-09-18T23:47:30+00:00","dateModified":"2024-09-18T23:47:30+00:00","author":{"@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3"},"breadcrumb":{"@id":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostingdiscussion.com\/news\/security-flaw-in-google-clouds-document-ai-leaves-data-vulnerable-expert-warns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostingdiscussion.com\/news\/"},{"@type":"ListItem","position":2,"name":"Security Flaw in Google Cloud&#8217;s Document AI Leaves Data Vulnerable, Expert Warns"}]},{"@type":"WebSite","@id":"https:\/\/hostingdiscussion.com\/news\/#website","url":"https:\/\/hostingdiscussion.com\/news\/","name":"Web Hosting News","description":"Cloud and web hosting industry daily news","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3","name":"Justine Juyad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","caption":"Justine Juyad"},"description":"HostingDiscussion.com senior reporter","sameAs":["https:\/\/hostingdiscussion.com\/news\/"],"url":"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/"}]}},"views":332,"_links":{"self":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/users\/20624"}],"replies":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/comments?post=4540"}],"version-history":[{"count":1,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4540\/revisions"}],"predecessor-version":[{"id":4542,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4540\/revisions\/4542"}],"wp:attachment":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/media?parent=4540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/categories?post=4540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/tags?post=4540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}