This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.
Overview
The iam.serviceAccounts.getOpenIdToken IAM permission was used across projects by an AI agent. This finding isn't available for project-level activations. Findings are classified as Low severity by default.
Event Threat Detection is the source of this finding.
How to respond
To respond to this finding, do the following:
Review finding details
- Open the Privilege Escalation: AI Agent Cross-Project OpenID Token Generation finding as directed in Reviewing findings. Review the details in the Summary and JSON tabs.
- Identify other findings that occurred at a similar time for this resource. Related findings might indicate that this activity was malicious, rather than a failure to follow best practices.
- Review the settings of the affected resource.
- Check the logs for the affected resource.
Research attack and response methods
Review the MITRE ATT&CK framework entry for this finding type: Valid Accounts: Cloud Accounts.
Implement your response
For response recommendations, see Respond to AI threat findings.
Example finding JSON
The following is an example of the finding JSON, with default values omitted.
{
  "finding": {
    "name": "organizations/ORGANIZATION_ID/sources/SOURCE_ID/locations/global/findings/FINDING_ID",
    "parent": "organizations/ORGANIZATION_ID/sources/SOURCE_ID/locations/global",
    "resourceName": "//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER",
    "state": "ACTIVE",
    "category": "Privilege Escalation: AI Agent Cross-Project OpenID Token Generation",
    "securityMarks": {
      "name": "organizations/ORGANIZATION_ID/sources/SOURCE_ID/locations/global/findings/FINDING_ID/securityMarks"
    },
    "eventTime": "TIMESTAMP",
    "createTime": "TIMESTAMP",
    "severity": "LOW",
    "canonicalName": "projects/PROJECT_NUMBER/sources/SOURCE_ID/locations/global/findings/FINDING_ID",
    "findingClass": "THREAT",
    "access": {
      "callerIp": "IP_ADDRESS",
      "callerIpGeo": {
        "regionCode": "COUNTRY_CODE"
      },
      "userAgent": "USER_AGENT",
      "serviceName": "iamcredentials.googleapis.com",
      "methodName": "GenerateIdToken",
      "principalSubject": "principal://agents-nonprod.global.org-ORGANIZATION_ID.system.id.goog/resources/staging-aiplatform/projects/PROJECT_NUMBER/locations/LOCATION/reasoningEngines/REASONING_ENGINE_ID"
    },
    "mitreAttack": {
      "primaryTactic": "PRIVILEGE_ESCALATION",
      "primaryTechniques": [
        "VALID_ACCOUNTS",
        "CLOUD_ACCOUNTS"
      ]
    },
    "parentDisplayName": "Event Threat Detection",
    "domains": [
      { "category": "AI" },
      { "category": "IDENTITY_AND_ACCESS" }
    ],
    "logEntries": [
      {
        "cloudLoggingEntry": {
          "insertId": "INSERT_ID",
          "logId": "cloudaudit.googleapis.com/data_access",
          "resourceContainer": "projects/PROJECT_ID",
          "timestamp": "TIMESTAMP"
        }
      }
    ]
  },
  "resource": {
    "name": "//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER",
    "displayName": "PROJECT_ID",
    "type": "google.cloud.resourcemanager.Project",
    "cloudProvider": "GOOGLE_CLOUD_PLATFORM",
    "service": "cloudresourcemanager.googleapis.com",
    "gcpMetadata": {
      "project": "//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER",
      "projectDisplayName": "PROJECT_ID",
      "parent": "//cloudresourcemanager.googleapis.com/folders/FOLDER_ID",
      "parentDisplayName": "FOLDER_NAME",
      "folders": [
        {
          "resourceFolder": "//cloudresourcemanager.googleapis.com/folders/FOLDER_ID",
          "resourceFolderDisplayName": "FOLDER_NAME"
        }
      ],
      "organization": "organizations/ORGANIZATION_ID"
    },
    "resourcePath": {
      "nodes": [
        { "nodeType": "GCP_PROJECT", "id": "projects/PROJECT_NUMBER", "displayName": "PROJECT_ID" },
        { "nodeType": "GCP_FOLDER", "id": "folders/FOLDER_ID", "displayName": "FOLDER_NAME" },
        { "nodeType": "GCP_ORGANIZATION", "id": "organizations/ORGANIZATION_ID" }
      ]
    },
    "resourcePathString": "organizations/ORGANIZATION_ID/folders/PROJECT_NUMBER/folders/FOLDER_ID/projects/PROJECT_NUMBER"
  },
  "sourceProperties": {
    "sourceId": {
      "projectNumber": "PROJECT_NUMBER",
      "customerOrganizationNumber": "ORGANIZATION_ID"
    },
    "detectionCategory": {
      "ruleName": "agent_engine_suspicious_token_generation",
      "subRuleName": "agent_engine_suspicious_token_generation_cross_project_openid"
    },
    "detectionPriority": "LOW",
    "affectedResources": [
      { "gcpResourceName": "//iamcredentials.googleapis.com/projects/-/serviceAccounts/SERVICE_ACCOUNT_UNIQUE_ID" },
      { "gcpResourceName": "//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER" }
    ],
    "evidence": [
      {
        "sourceLogId": {
          "projectId": "PROJECT_ID",
          "resourceContainer": "projects/PROJECT_ID",
          "timestamp": {
            "seconds": "TIMESTAMP_SECONDS",
            "nanos": TIMESTAMP_NANOS
          },
          "insertId": "INSERT_ID",
          "logId": "cloudaudit.googleapis.com/data_access"
        }
      }
    ],
    "findingId": "FINDING_ID",
    "contextUris": {
      "mitreUri": {
        "displayName": "MITRE Link",
        "url": "https://attack.mitre.org/techniques/T1078/004"
      },
      "cloudLoggingQueryUri": [
        {
          "displayName": "Cloud Logging Query Link",
          "url": "https://console.cloud.google.com/logs/query;query=timestamp%3D%22TIMESTAMP%22%0AinsertId%3D%22INSERT_ID%22?project=PROJECT_ID"
        }
      ]
    },
    "domains": [
      { "category": "AI" },
      { "category": "IDENTITY_AND_ACCESS" }
    ]
  }
}
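As an added triage helper (not part of this page or of Security Command Center's own tooling), the following Python reads a finding of this type in the JSON shape shown above, separates the project that hosts the AI agent from the project whose audit log recorded the GenerateIdToken call, lists the affected service account, and builds a Cloud Logging filter for the same principal's token calls. The sample finding, its project numbers and IDs, and the rule that "cross-project" means the agent's project differs from the audit log's project are assumptions.

```python
import re

# Constructed sample shaped like this page's example finding JSON. The project
# numbers, reasoning engine ID and service account ID are made-up placeholders.
SAMPLE_FINDING = {
    "finding": {
        "category": "Privilege Escalation: AI Agent Cross-Project OpenID Token Generation",
        "access": {
            "serviceName": "iamcredentials.googleapis.com",
            "methodName": "GenerateIdToken",
            "principalSubject": ("principal://agents-nonprod.global.org-ORGANIZATION_ID"
                                 ".system.id.goog/resources/staging-aiplatform/projects/111111"
                                 "/locations/us-central1/reasoningEngines/RE_ID"),
        },
        "logEntries": [{"cloudLoggingEntry": {
            "insertId": "INSERT_ID", "logId": "cloudaudit.googleapis.com/data_access",
            "resourceContainer": "projects/222222", "timestamp": "2024-01-01T00:00:00Z"}}],
    },
    "sourceProperties": {"affectedResources": [
        {"gcpResourceName": "//iamcredentials.googleapis.com/projects/-/serviceAccounts/SA_UID"},
        {"gcpResourceName": "//cloudresourcemanager.googleapis.com/projects/222222"}]},
}

def triage(doc):
    """Extract the cross-project evidence from the finding and build a log filter."""
    finding, props = doc["finding"], doc["sourceProperties"]
    access = finding["access"]
    entry = finding["logEntries"][0]["cloudLoggingEntry"]
    # Project that hosts the AI agent (reasoning engine) which made the call.
    m = re.search(r"/projects/([^/]+)/", access["principalSubject"])
    agent_project = m.group(1) if m else None
    # Project whose data-access audit log recorded the GenerateIdToken call.
    # Assumption: that is the project owning the impersonated service account,
    # so a mismatch with the agent's project is the "cross-project" condition.
    token_project = entry["resourceContainer"].split("/", 1)[1]
    sa = [r["gcpResourceName"] for r in props["affectedResources"]
          if "/serviceAccounts/" in r["gcpResourceName"]]
    # Cloud Logging filter for every GenerateIdToken call by this principal in
    # that audit log, to see whether the evidence entry is a one-off or a pattern.
    log_filter = "\n".join([
        f'logName="projects/{token_project}/logs/{entry["logId"].replace("/", "%2F")}"',
        f'protoPayload.serviceName="{access["serviceName"]}"',
        f'protoPayload.methodName="{access["methodName"]}"',
        f'protoPayload.authenticationInfo.principalSubject="{access["principalSubject"]}"',
    ])
    return {"agent_project": agent_project, "token_project": token_project,
            "cross_project": agent_project != token_project,
            "service_accounts": sa, "log_filter": log_filter}
```

The returned log_filter can be pasted into the Logs Explorer query box of the token project to widen the review from the single evidence entry to all token generation by that agent.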
What's next
- Learn how to work with threat findings in Security Command Center.
- Refer to the Threat findings index.
- Learn how to review a finding through the Google Cloud console.
- Learn about the services that generate threat findings.