Undetected Vulnerabilities in Google’s Gemini Compromised User Data

Tenable recently identified three critical security flaws in Google’s Gemini suite, collectively termed the “Gemini Trifecta.” These vulnerabilities allowed attackers to hijack features stealthily, posing significant risks of data theft without user awareness. The flaws affected different components:

1. Gemini Cloud Assist: Attackers could insert deceptive log entries, manipulating Gemini into executing their commands.
2. Gemini Search Personalization Model: Malicious queries could be disguised within users’ browser histories, leading Gemini to divulge sensitive data.
3. Gemini Browsing Tool: Attackers could direct hidden web requests to external servers, compromising private user information.

Despite Google’s prompt fixes, Tenable warns that AI systems like Gemini remain enticing targets for cybercriminals. Security teams are advised to consider AI features as active attack surfaces, regularly auditing logs and search histories. This incident emphasizes the need for robust, layered defenses to mitigate risks associated with AI technology.

Source link