Varonis Threat Labs discovered a critical vulnerability in Google Cloud Platform's Dialogflow CX service that allowed attackers with only the dialogflow.playbooks.update permission to inject persistent malicious code into the shared Cloud Run execution environment. The vulnerability enabled silent exfiltration of conversation data, bypassing VPC Service Controls, and injection of phishing prompts into chatbot conversations. Additional weaknesses included IMDS credential exposure and unrestricted outbound network access from the Cloud Run environment.