Infosec hounds spot prompt injection vuln in Google Gemini apps

Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.

This allows for attacks ranging from "permanent memory poisoning" to unwanted video streaming, email exfiltration, and even taking over the target's smart home systems to plunge them into darkness or open a powered window, all triggered by nothing more than a simple Google Calendar invitation or email.

"You used to believe that adversarial attacks against AI-powered systems are complex, impractical, and too academic," researchers Ban Nassi, Stav Cohen, and Or Yair, of Tel-Aviv University, Technion, and SafeBreach respectively, explained of their findings. "In reality, an indirect prompt injection in a Google invitation is all you need to exploit Gemini for Workspace's agentic architecture to trigger the following outcomes:

"Toxic content generation; spamming; deleting events from the user's calendar; opening the windows in a victim's apartment ...