Monday, July 14, 2025

Google Gemini Vulnerability Enables Hackers to Manipulate Email Summaries


Experts are sounding the alarm over AI assistants like Google Gemini, which may expand attack surfaces and increase phishing risks. Security researchers have uncovered a critical vulnerability in Google Gemini for Workspace that enables hackers to embed malicious HTML and CSS within email content. This allows hidden prompts, crafted using invisible text styles, to mislead users into clicking on fake alerts. When users invoke Gemini's 'Summarise this email' feature, they might unknowingly engage with phishing attempts that can steal sensitive information. The issue impacts not just Gmail but also Google Docs, Slides, and Drive, raising concerns about AI-driven phishing scams and self-replicating 'AI worms.'

To combat these threats, experts recommend implementing rigorous HTML checks, LLM firewalls, and user training to treat AI-generated summaries as informational only. Google is urged to enhance HTML sanitization, improve context attribution, and ensure visibility of hidden prompts within Gemini. Monitoring AI tools is now essential for security teams.
