Google Gemini Vulnerabilities Let Hackers Steal Saved Data and Live Location

Research has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information.

The vulnerabilities, which have since been remediated by Google, demonstrate how artificial intelligence systems can become attack vectors rather than just targets.

Illustration of a hacker stealing sensitive data from a computer, highlighting risks of AI vulnerabilities like those in Google Gemini

Gemini Trifecta Vulnerabilities

According to Tenable, the discovered vulnerabilities targeted different components of the Gemini ecosystem. The first flaw affected Gemini Cloud Assist, Google’s cloud-based AI tool designed to help users analyze logs and cloud resources.

Gemini Cloud Assist : Attackers could inject malicious prompts through HTTP User-Agent headers in log entries, which would then be processed by the AI when users requested log summaries.

Gemini Search Personalization Model : The second vulnerability exploited ...