New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.

Cybersecurity researchers at SafeBreach Labs have uncovered a new kind of cyberattack that starts with something as ordinary as a Google Calendar invitation. According to the team, this method can be used to hijack a person’s Google Gemini AI agent, giving attackers the ability to spy on them, steal personal data, and even take control of smart home devices remotely.

The research, titled “Invitation Is All You Need,” was carried out by Ben Nassi, Stav Cohen, and Or Yair. In an interview with Hackread.com, SafeBreach Labs explained that the attack relies on a new kind of threat known as Promptware. This technique manipulates an AI model by inserting carefully composed text, or prompts, that trick it into ...