Palo Alto Networks Unit 42 disclosed that the default platform-managed service account (P4SA) in Google Cloud Vertex AI Agent Engine carries excessive OAuth scopes, enabling a compromised or malicious AI agent to steal service account credentials via the GCP metadata server, enumerate and read all Cloud Storage buckets in the project, and access Google-internal Artifact Registry container images not intended for customer access. No CVE has been assigned and no active exploitation is confirmed, but the finding is architecturally significant: the exposure is present by default in any Agent Engine deployment that has not adopted Bring Your Own Service Account (BYOSA), and Google’s control updates do not automatically remediate existing environments. Organizations running Vertex AI workloads should audit P4SA permissions using GCP IAM Recommender, replace the default service account with a BYOSA scoped to least privilege, and extend IAM audit processes to cover AI agent service identities as a distinct identity class.
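As an added illustration of treating agent service identities as their own class in an IAM audit (not code from Unit 42 or Google), the Python below classifies the service accounts in a project IAM policy export and lists broad project-level role grants for review. It covers IAM role bindings only, not the OAuth scopes on the runtime credential. The P4SA naming pattern, the set of roles treated as broad, and the sample policy with its project number and account names are assumptions constructed for this example.

```python
import json
import re

# Assumption: Google-managed Vertex AI service agents (P4SAs) are named
# service-<project number>@gcp-sa-aiplatform*.iam.gserviceaccount.com.
P4SA = re.compile(r"^service-\d+@gcp-sa-aiplatform[a-z-]*\.iam\.gserviceaccount\.com$")
# User-managed accounts (what a BYOSA would be): <name>@<project id>.iam...
USER_SA = re.compile(r"^[^@]+@[a-z0-9-]+\.iam\.gserviceaccount\.com$")
# Assumption: roles this example treats as too broad for an agent identity
# when bound at project level; adjust to local policy.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/storage.admin",
               "roles/storage.objectAdmin", "roles/storage.objectViewer"}

def audit_agent_identities(policy):
    """Return one record per (service account, role) binding in the policy."""
    records = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            prefix, _, email = member.partition(":")
            if prefix != "serviceAccount":
                continue  # users and groups are out of scope here
            kind = ("p4sa" if P4SA.match(email)
                    else "user-managed" if USER_SA.match(email) else "other")
            records.append({"email": email, "kind": kind, "role": binding["role"],
                            "broad": binding["role"] in BROAD_ROLES,
                            "conditional": "condition" in binding})
    return records

def needs_review(records):
    """Broad project-level grants held by any service identity, sorted."""
    return sorted((r["kind"], r["email"], r["role"]) for r in records if r["broad"])

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/aiplatform.serviceAgent",
   "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform-re.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/storage.admin",
   "condition": {"title": "constructed", "expression": "true"},
   "members": ["serviceAccount:agent-byosa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/aiplatform.user",
   "members": ["serviceAccount:agent-byosa@example-project.iam.gserviceaccount.com"]}
]}
""")

if __name__ == "__main__":
    for kind, email, role in needs_review(audit_agent_identities(SAMPLE_POLICY)):
        print(f"REVIEW {kind:12} {email} {role}")
```

A broad grant on a user-managed account is listed as well, since moving to BYOSA only helps if the replacement account is itself scoped to least privilege.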