Overly permissive settings in Google Cloud’s Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information. This, according to threat detection and response company Vectra AI and its principal security researcher Kat Traxler, who says that despite eventually receiving a bug bounty from Google for the find, the cloud giant has yet to fix the misconfiguration, meaning that this attack vector is still wide open.
Source: The Register