Varonis Threat Labs disclosed **Rogue Agent** on **July 7, 2026**, a Google Dialogflow CX flaw that could let an attacker with playbook update permission persist malicious code inside an enterprise chatbot. Google told Axios the issue has been fully mitigated, with no known customer compromise and no customer action required. The security lesson is broader than Dialogflow: agent playbooks, code blocks, and tool permissions are now operational attack surfaces. For AI teams, the immediate control