Gemini AI Exploited via Google Invite Prompt Injection to Steal Sensitive User Data

Security researchers have discovered a series of critical vulnerabilities in Google’s Gemini AI assistant that allow attackers to exploit the system through seemingly innocent Google Calendar invitations and emails, potentially compromising users’ sensitive data and even controlling their smart home devices.

The groundbreaking research reveals a new class of threats called “Targeted Promptware Attacks,” which leverage indirect prompt injection techniques embedded within common user interactions.

These sophisticated attacks can be triggered when users ask Gemini-powered assistants about their emails, calendar events, or shared documents, unknowingly activating malicious code hidden within invitation titles or email subjects.

Five Classes of Malicious Attacks Identified

Researchers have categorized the discovered vulnerabilities into five distinct attack classes, each presenting escalating levels of risk. 

Short-term Context Poisoning serves as the initial entry point, allowing attackers to manipulate a single user session through malicious content in shared resources.

This transient attack method can evolve into Long-term ...