Tenable recently uncovered three critical vulnerabilities in Google’s Gemini suite, termed the “Gemini Trifecta.” These flaws, now patched by Google, jeopardized millions of users by exposing them to silent data theft through components like Cloud Assist, the Search Personalisation Model, and the Browsing Tool.
In Cloud Assist, attackers could manipulate log entries, enabling AI behavior sabotage without user awareness. The Search Personalisation Model vulnerability let attackers inject queries into browsers, risking sensitive data exfiltration. Lastly, the Browsing Tool flaw facilitated hidden data requests, compromising user privacy.
Tenable emphasized that these exploits turned Gemini itself into an attack vehicle, highlighting the need for robust, proactive security measures in AI systems. They recommend treating AI features as potential attack surfaces, conducting regular audits, and ensuring resilience against prompt injection attacks.
As AI platforms evolve, security must shift from reactive fixes to comprehensive defenses to preemptively address emerging vulnerabilities.
Source link
