Tenable Research uncovered three vulnerabilities in Google’s Gemini, highlighting the dual nature of AI platforms as targets and vehicles for attacks. The vulnerabilities include search-injection attacks on the Search Personalization Model, log-to-prompt injection exploiting Gemini Cloud Assist, and data exfiltration via the Gemini Browsing Tool. Attackers could manipulate user inputs to extract sensitive information, compromising security despite Google’s defenses.
Mitigations implemented by Google included preventing hyperlink rendering in log summaries, strengthening defenses against prompt injections, and establishing layered protections against various exploitation routes. These measures illustrated the urgent need for continuous monitoring and strict policy enforcement when adopting AI technologies. The Gemini Trifecta serves as a crucial reminder that AI environments can be exploited, necessitating robust security strategies to manage dynamic risk surfaces effectively. Organizations must be vigilant, as even advanced defenses can be bypassed. For more updates on AI security, follow us on Google News, LinkedIn, and X.
Source link
