Recent findings from Tenable reveal alarming vulnerabilities in Google’s Gemini suite, termed the “Gemini Trifecta,” raising critical AI security concerns. These three flaws, now patched, allowed potential attackers to manipulate Gemini’s functions and harvest sensitive user data without detection. The vulnerabilities spanned Gmail Cloud Assist, where malicious log entries could influence actions, to Gemini’s Search Personalisation Model, which could be tricked into leaking private information through injected queries. Attackers could even exploit the Gemini Browsing Tool to send user data to their servers.
Tenable emphasizes that the primary issue lay in Gemini’s failure to distinguish between legitimate and harmful inputs, making AI-driven tools an easy target for exploitation. Security professionals are urged to recognize AI features as active threats, conduct regular audits, and proactively strengthen defenses. This incident underscores the need for robust security measures as AI technologies evolve. Read more about the findings here.
