For centuries, hidden text has facilitated private communication, evolving from invisible ink to modern-day cyber threats. Recent revelations from Mozilla’s 0-Day Investigative Network (0din) highlight a concerning vulnerability in Google Gemini’s AI features, particularly within Workspace. Cybercriminals can exploit this AI by embedding malicious prompts in emails, formatted to remain invisible, like white-on-white text. When users request a summary, Gemini unwittingly includes these prompts, potentially triggering social engineering attacks. Despite Google’s previous mitigations, the technique remains effective, posing significant risks as it capitalizes on trust in AI-generated content. The report suggests that prompt injections in AI are akin to email macros, illustrating the urgency for robust context-isolation in AI systems. Security teams must treat AI assistants as critical attack surfaces, implementing stringent measures to ensure their outputs are secure. Stay informed with the latest tech insights and cybersecurity updates from Tom’s Hardware.
Source link
Investigation Uncovers Vulnerability in Google Gemini for Workspace: AI Tool Could Be Exploited for Phishing Attacks via Hidden Malicious Instructions
Share
Read more