Stay organized with collections
Save and categorize content based on your preferences.
Security is a shared responsibility. Vertex AI secures the scalable
infrastructure that you use to build, train, and deploy your own models and
provides you tools and security controls to protect your data, code, and models.
Google's security and compliance responsibilities in providing
Vertex AI include the following:
Protect the infrastructure: Google is responsible for providing secure
infrastructure for its services, including physical security of data centers,
network security, and application security. This includes compliance with
applicable industry standards and regulations.
Secure the platform: Google is responsible for securing its platform,
including managing access controls, monitoring for security incidents, and
responding to security events. Google also provides customers with tools to
manage their own security settings and configurations.
Maintain compliance: Google maintains compliance with relevant data
protection laws and regulations.
The customer's security responsibilities include the following:
Use the latest versions of Vertex AI Containers and VM Images:
Vertex AI provides prebuilt containers and VM images to simplify the
use of its services. Google is responsible for creating new versions of these
images as vulnerabilities are identified. You are responsible for ensuring
that you properly configured your services to use the latest version, or to
manually upgrade to the latest version.
Manage access controls: You are responsible for managing access
controls to your own data and services. This includes managing user access,
authentication, and authorization controls, and securing your own
applications and data.
Secure applications: You are responsible for securing your own
applications running on the Vertex AI platform, including
implementing secure coding practices and regularly testing for
vulnerabilities.
Monitor for security incidents: You are responsible for monitoring
your own applications for security incidents, and reporting any
incidents to Google as necessary.
Comply with applicable laws and regulations for your use cases: You're the
expert in the security and regulatory requirements for your business and how
they apply to your use of Vertex AI.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Vertex AI shared responsibility\n\nSecurity is a shared responsibility. Vertex AI secures the scalable\ninfrastructure that you use to build, train, and deploy your own models and\nprovides you tools and security controls to protect your data, code, and models.\n\nGoogle's security and compliance responsibilities in providing\nVertex AI include the following:\n\n- **Protect the infrastructure**: Google is responsible for providing secure\n infrastructure for its services, including physical security of data centers,\n network security, and application security. This includes compliance with\n applicable industry standards and regulations.\n\n- **Secure the platform**: Google is responsible for securing its platform,\n including managing access controls, monitoring for security incidents, and\n responding to security events. Google also provides customers with tools to\n manage their own security settings and configurations.\n\n- **Maintain compliance**: Google maintains compliance with relevant data\n protection laws and regulations.\n\n - Learn more about [Google Cloud compliance](/compliance).\n\nThe customer's security responsibilities include the following:\n\n- **Use the latest versions of Vertex AI Containers and VM Images**:\n Vertex AI provides prebuilt containers and VM images to simplify the\n use of its services. Google is responsible for creating new versions of these\n images as vulnerabilities are identified. You are responsible for ensuring\n that you properly configured your services to use the latest version, or to\n manually upgrade to the latest version.\n\n - Learn more about the [Vertex AI framework support policy](/vertex-ai/docs/framework-support-policy).\n- **Manage access controls**: You are responsible for managing access\n controls to your own data and services. This includes managing user access,\n authentication, and authorization controls, and securing your own\n applications and data.\n\n - Learn more about [Vertex AI access control with IAM](/vertex-ai/docs/general/access-control).\n- **Secure applications**: You are responsible for securing your own\n applications running on the Vertex AI platform, including\n implementing secure coding practices and regularly testing for\n vulnerabilities.\n\n - Learn more about [Customer-managed encryption keys](/vertex-ai/docs/general/cmek).\n\n - Learn more about [networks](/vertex-ai/docs/general/vpc-peering) and [VPC Service Controls](/vertex-ai/docs/general/vpc-service-controls).\n\n- **Monitor for security incidents**: You are responsible for monitoring\n your own applications for security incidents, and reporting any\n incidents to Google as necessary.\n\n - Learn more about [Monitoring](/vertex-ai/docs/general/monitoring-metrics) and [Audit logging](/vertex-ai/docs/general/audit-logging).\n- **Comply with applicable laws and regulations for your use cases**: You're the\n expert in the security and regulatory requirements for your business and how\n they apply to your use of Vertex AI.\n\nWhat's next\n-----------\n\n- Learn more about [Shared responsibilities on Google Cloud](/architecture/framework/security/shared-responsibility-shared-fate)."]]
