diff --git a/providers/gcp/resources/gke.go b/providers/gcp/resources/gke.go
index dd3501aeea..00ead9a49a 100644
--- a/providers/gcp/resources/gke.go
+++ b/providers/gcp/resources/gke.go
@@ -589,7 +589,7 @@ func (g *mqlGcpProjectGkeServiceClusterNodepoolConfig) serviceAccount() (*mqlGcp
 	}
 	email := g.ServiceAccountEmail.Data
 
-	res, err := CreateResource(g.MqlRuntime, "gcp.project.iamService.serviceAccount", map[string]*llx.RawData{
+	res, err := NewResource(g.MqlRuntime, "gcp.project.iamService.serviceAccount", map[string]*llx.RawData{
 		"projectId": llx.StringData(projectId),
 		"email":     llx.StringData(email),
 	})
diff --git a/providers/gcp/resources/iam.go b/providers/gcp/resources/iam.go
index 91100eb160..b2f1ac6951 100644
--- a/providers/gcp/resources/iam.go
+++ b/providers/gcp/resources/iam.go
@@ -5,7 +5,6 @@ package resources
 
 import (
 	"context"
-	"errors"
 	"fmt"
 
 	"go.mondoo.com/cnquery/v11/llx"
@@ -74,7 +73,15 @@ func initGcpProjectIamServiceServiceAccount(runtime *plugin.Runtime, args map[st
 			return args, sa, nil
 		}
 	}
-	return nil, nil, errors.New("service account not found")
+
+	args["name"] = llx.NilData
+	args["uniqueId"] = llx.NilData
+	args["displayName"] = llx.NilData
+	args["description"] = llx.NilData
+	args["oauth2ClientId"] = llx.NilData
+	args["disabled"] = llx.NilData
+
+	return args, nil, nil
 }
 
 func (g *mqlGcpProjectIamService) serviceAccounts() ([]interface{}, error) {
@@ -137,6 +144,13 @@ func (g *mqlGcpProjectIamServiceServiceAccount) keys() ([]interface{}, error) {
 	}
 	email := g.Email.Data
 
+	// if the unique id is null, we were not able to find a record of this service account
+	// so skip the keys discovery
+	if g.UniqueId.IsNull() {
+		g.Keys.State = plugin.StateIsNull | plugin.StateIsSet
+		return nil, nil
+	}
+
 	conn := g.MqlRuntime.Connection.(*connection.GcpConnection)
 
 	creds, err := conn.Credentials(admin.DefaultAuthScopes()...)