Discover critical security vulnerabilities in Google Cloud Platform's Identity-Aware Proxy (IAP) through this 22-minute conference talk that exposes how attackers can exfiltrate data without requiring public IP addresses. Learn about dangerous misconfigurations in IAP implementations, including IAM binding issues, excessive trust in HTTP headers, and commonly overlooked endpoints that create security gaps. Explore practical demonstration techniques showing how these vulnerabilities enable unauthorized data access and exfiltration from supposedly protected cloud resources. Gain insights into effective detection strategies for identifying these security weaknesses in your own GCP environments and develop a more critical understanding of trust boundaries within Google Cloud Platform's security model.