A flaw in the Google Cloud Vertex AI SDK for Python let an
attacker with no access to a victim's project hijack the victim's
machine learning model upload and run code inside Google's serving
infrastructure. Palo Alto Networks Unit 42, which found and
reported the bug through Google's bug bounty program, calls the
technique "Pickle in the Middle" and said it saw no exploitation in
the wild.
Read more https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html
