Understanding the Risks of Bucket Squatting in Google's Vertex AI SDK
A design flaw in the Vertex AI SDK for Python could allow attackers to hijack and poison AI models outside of a developer's own Google Cloud project. The vulnerability relies on a combination of poor bucket naming logic and missing authentication. This flaw highlights the importance of secure bucket naming and authentication in cloud-based AI development.