Google Patches AI Flaw That Turned Gemini Into a Spy
bankinfosecurity
Zero-Click Vulnerability Let Attackers Weaponize Enterprise AI Assistant
Rashmi Ramesh (rashmiramesh_) • December 9, 2025

Google patched a vulnerability in Gemini Enterprise that allowed attackers to steal corporate data through a shared document, calendar invitation or email without any user action or security alerts.
Noma Labs discovered the vulnerability, christened GeminiJack, in Google Gemini Enterprise after first spotting it in Google's Vertex AI Search, a separate enterprise search product. Google collaborated with Noma Labs to validate the findings and deployed updates that changed how Gemini Enterprise and Vertex AI Search interact with their underlying retrieval and indexing systems.
The attack exploited how enterprise artificial intelligence systems interpret information. Attackers embedded hidden instructions inside shared documents. When employees performed standard searches in Gemini Enterprise, the AI automatically retrieved the poisoned document and executed the embedded instructions. Since Gemini ...
Copyright of this story solely belongs to bankinfosecurity.

