Google’s Gemini AI, integrated into Workspace, has been identified as vulnerable to hidden instructions in emails, allowing attackers to generate fake system warnings without links or attachments. Security researcher Marco Figueroa showcased this technique, which involves embedding invisible HTML and CSS instructions in the email body to manipulate Gemini’s responses. This allows scammers to craft deceptive alerts, like a Gmail password leak notification, that users trust as legitimate. The lack of visible indicators makes such phishing attacks particularly insidious. To mitigate these risks, Figueroa recommends filtering out hidden text, analyzing AI-generated responses for alarming content, and flagging suspicious messages. Google has acknowledged the vulnerability and is working on protective measures, although no real-world attacks using this method have been reported. This incident underscores ongoing concerns about prompt injection vulnerabilities in AI models and highlights the need for enhanced security in user interactions with AI applications.
Source link
Share
Read more