A researcher has discovered that Google Gemini for Workspace is affected by a immediate injection vulnerability that may be exploited to trick the AI assistant into displaying a phishing message.
The weak point was discovered by Marco Figueroa and reported by Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.
The researcher’s hack entails sending the focused person an electronic mail that, along with a benign lure textual content, comprises a phishing message that’s written with white font on a white background, making it invisible to the goal.
This phishing message, which must be wrapped inside tags, instructs Gemini to incorporate the message on the finish of its response.
When the goal makes use of Gemini’s ‘summarize this electronic mail’ performance to get a abstract of the attacker’s electronic mail, along with a abstract of the textual content seen to the sufferer, Gemini shows the phishing message. That’s as a result of Gemini prioritizes the textual content wrapped in tags and reproduces it verbatim.
For example, Figueroa created an electronic mail that might trigger Gemini to show a message informing the sufferer that their Gmail password has been compromised, instructing them to name a telephone quantity to reset the password. The attacker might then phish the sufferer’s credentials after they get the decision.
It’s unclear if the weak point has been addressed by Google. SecurityWeek has reached out to the tech big for remark and can replace this text if it responds.
The corporate lately summarized a number of the steps it has been taking to mitigate immediate injection assaults.
Associated: Grok-4 Falls to a Jailbreak Two Days After Its Launch
Associated: ChatGPT Jailbreak: Researchers Bypass AI Safeguards Utilizing Hexadecimal Encoding and EmojisAdvertisement. Scroll to proceed studying.
Associated: New AI Jailbreak Bypasses Guardrails With Ease
