A recent cybersecurity study revealed a vulnerability in Google’s Gemini, allowing hackers to inject malicious instructions within Gmail’s email summarization feature. These hidden commands, often embedded in plain HTML or invisible text, can mislead users into believing deceptive messages are legitimate prompts from Gemini, potentially compromising sensitive data. The researcher highlighted that this exploitation could prompt recipients to share personal information unknowingly.
In response, Google stated it has updated Gemini’s models to recognize and block such phishing tactics, continually refining its security measures to identify and redact suspicious links and prompts. Although these updates are a step forward, users should remain cautious of any messages encouraging risky actions like clicking links or sharing personal information. The study underscores the necessity for vigilance against evolving online threats, reminding users that AI, while beneficial, can also present vulnerabilities that may be exploited for social engineering attacks.
Source link