A recent study titled “Invitation Is All You Need” reveals vulnerabilities in Google’s Gemini AI assistant, highlighting the risk of prompt injection via calendar invites. Researchers from Tel Aviv University and Technion demonstrated that attackers can embed malicious prompts in calendar titles or email subjects, enabling harmful actions without user awareness. This method, known as Targeted Promptware Attacks, exploits Gemini’s contextual processing, leading to outcomes ranging from generating spam content to executing real-world actions, like opening smart windows.
The study identifies five threat classes, including Short-Term Context Poisoning and Automatic App Invocation, each capable of compromising user security. Using the Threat Analysis and Risk Assessment (TARA) framework, they rated 73% of scenarios as High-Critical in terms of privacy violations.
Following responsible disclosure, Google implemented mitigations, enhancing detection and user verification systems, which reduced risks significantly. The findings underscore the importance of managing adversarial inputs in AI-integrated IoT ecosystems to prevent potential misuse.
Source link
