Researchers discover attack method that exploits Gemini AI through Google Calendar invites.
Posted inCybersecurity News

Researchers discover attack method that exploits Gemini AI through Google Calendar invites.

A team of cybersecurity researchers has uncovered a sophisticated attack method that exploits Google's Gemini AI assistant through seemingly innocent calendar invitations, demonstrating how artificial intelligence systems can be weaponized against their own users. The vulnerability, dubbed "Targeted Promptware Attacks," allows malicious actors to hijack Gemini's functionality and perform unauthorized actions ranging from data theft to physical world manipulation.
Google Gemini can be exploited through indirect prompt injection to allow embedding of malicious content that directs users to phishing sites.
Posted inCybersecurity News

Google Gemini can be exploited through indirect prompt injection to allow embedding of malicious content that directs users to phishing sites.

Google Gemini for Workspace can be exploited through a technique called indirect prompt injection. This allows attackers to manipulate Gemini’s email summaries, making them appear legitimate while embedding malicious instructions or warnings that direct users to phishing sites—without using traditional attachments or direct links.