Rogue Agent: How a Single Code Block Could Hijack Your AI Conversations in Google's Dialogflow
Varonis, Tuesday, July 7th, 2026
Varonis Threat Labs disclosed a Dialogflow CX flaw letting attackers persist malicious code and exfiltrate conversations.
Varonis Threat Labs disclosed a critical vulnerability in Google Cloud Platform's Dialogflow CX service that let attackers inject persistent malicious code into agents' pipelines and silently exfiltrate conversations.
The flaw required only a single edit permission to compromise all agents within a project.
Google released an initial patch in April 2026 and fully resolved the issue by June 2026. No known exploitation occurred before the fix.