Google Gemini for Workspace is vulnerable to prompt-injection attacks that abuse its email summaries to generate content that looks legitimate but is malicious. By embedding invisible commands in the email body using CSS and HTML tricks, attackers can manipulate Gemini into producing harmful summaries, such as fake security alerts about compromised accounts. Despite ongoing efforts to counter such threats since 2024, these attacks remain effective.
Researcher Marco Figueroa disclosed this issue through Mozilla’s 0DIN program, emphasizing that because the malicious emails contain no links or attachments, they are more likely to bypass filters. Users should be cautious and not automatically trust Gemini’s outputs, particularly when they involve security warnings. Mitigation strategies include neutralizing hidden content and implementing filters to flag messages with urgent tones or suspicious information. Google is actively enhancing its defenses against these types of threats, as stated by a company representative. Users are urged to remain vigilant when interacting with AI-generated summaries.