Recent research from Tenable has uncovered three critical vulnerabilities in Google’s Gemini AI suite, potentially allowing attackers to manipulate the assistant and extract sensitive user information such as saved data and location history. The vulnerabilities impacted Gemini Cloud Assist, the Search Personalisation Model, and the Browsing Tool. Tenable reported that Google has addressed these issues, requiring no user intervention. The first vulnerability enabled log entry injections in Cloud Assist, influencing its behavior. In the Search Personalisation Model, attackers could exploit trusted Chrome search history to access sensitive data. The Browsing Tool could also be tricked into sending hidden requests to attacker-controlled servers. These findings emphasize the need for enterprises to consider AI-driven features as active attack surfaces. Regular audits of logs and search histories are essential, along with monitoring outbound requests for unusual activity to prevent data exfiltration. Securing AI requires not just patching flaws but also anticipating new attack vectors.
Source link
Share
Read more