Varonis disclosed a now-patched flaw in Google Cloud's Dialogflow CX, the platform many companies use to build customer-service, financial, and healthcare chatbots. Because all chatbots using the platform's custom-code feature in one Google Cloud project shared a single execution environment with a writable setup file and no isolation, an attacker who could edit one agent, needing only a single low-level permission, could overwrite that file and hijack every chatbot in the project. From there they could read live conversations, steal shared data, and make bots ask for passwords. Google reported no exploitation before fixing it and no customer action is now required, but the case shows how AI features inherit cloud risks.