A Rogue Google Dialogflow Agent Could Hijack Enterprise Chatbots
The Neuron 1 week ago
Researchers at Varonis discovered a critical vulnerability in Google's Dialogflow CX service that allowed attackers with a single edit permission to inject malicious code into chatbot agents and steal conversation data. The vulnerability required only the dialogflow.playbooks.update permission on one agent to compromise all agents in the same Google Cloud project through shared Cloud Run infrastructure. Google patched the issue between April and June 2026, and organizations using Dialogflow CX are now advised to audit their configurations and review logs for suspicious playbook updates.