A Google Gemini security flaw let hackers use calendar invites to steal private data

• Researchers discover Gemini AI prompt injection via Google Calendar invites
• Attackers could exfiltrate private meeting data with minimal user interaction
• Vulnerability has been mitigated, reducing immediate exploitation risk

Security researchers found yet another way to run prompt injection attacks on Google’s Gemini AI, this time to exfiltrate sensitive Google Calendar data.

Prompt injection is a type of attack in which the malicious actor hides a prompt in an otherwise benign message. When the victim tells their AI to analyze the message (or otherwise use it as data in its work), the AI ends up running the prompt and doing the actor’s bidding.

At its core, prompt injection is possible because AIs cannot distinguish between the instruction and the data used to execute that instruction.