Google Resolves Gemini Enterprise Vulnerability That Exposed Corporate Data

Google has addressed a significant zero-click vulnerability, dubbed “GeminiJack,” in its Gemini Enterprise and Vertex AI Search platforms, identified by Noma Security in June 2025. The flaw allowed malicious actors to exploit indirect prompt injection without any user interaction, potentially leading to corporate data leaks. Attackers could embed harmful instructions in Google Workspace documents, and a routine employee search could then trigger unauthorized data exfiltration.

The attack chain starts with content poisoning, in which instructions are planted in seemingly safe documents. The AI then misinterprets and acts on those instructions, which results in sensitive information being sent to the attackers. Following the report, Google separated Vertex AI Search from Gemini Enterprise to enhance security measures.

As AI tools become integral to corporate environments, organizations must reevaluate their data access configurations, implement strong monitoring, and stay informed about AI security threats to prevent such vulnerabilities. The UK’s NCSC has also issued guidance to mitigate these types of attacks.
