Google Gemini Phishing Vulnerability Exposed
Recent research has uncovered a vulnerability in Google Gemini, particularly affecting Google Gemini for Workspace, allowing hackers to exploit the AI tool for phishing attacks. The researcher, Marco Figueroa, highlighted that attackers can create seemingly legitimate email summaries containing hidden malicious instructions. By utilizing HTML and CSS tricks, they can disguise harmful links or directives, enabling these emails to evade spam filters. This technique is reminiscent of similar attacks reported last year.
Google has acknowledged the concerns but claims no evidence supports the manipulation of Gemini in the manner described. They are actively enhancing security measures through red-teaming exercises to fortify defenses against such adversarial tactics. Despite ongoing efforts, the research demonstrates that attackers continue to find loopholes in existing systems. Google has encouraged users to remain vigilant against potential phishing threats while reiterating their commitment to improving AI security.