New GeminiJack 0-Click Flaw in Gemini AI Exposed Users to Data Leaks

Google AI systems (Gemini Enterprise) had a critical ‘GeminiJack’ security flaw allowing attackers to steal Gmail, Docs, and Calendar data with no clicks.

A major security flaw, dubbed GeminiJack, was recently discovered by cybersecurity firm Noma Security in Google’s Gemini Enterprise and the company’s Vertex AI Search tool, possibly allowing attackers to secretly steal confidential corporate information. This vulnerability was unique because it required no clicks from the targeted employee and left behind no traditional warning signs.

Noma Security, through its research division Noma Labs, found that the issue wasn’t a standard software glitch, but an “architectural weakness” in how these enterprise AI systems, which are designed to read across an organisation’s Gmail, Calendar, and Docs, understand information. This means the very design of the AI made it vulnerable. The discovery was made on June 5, 2025, with the initial report submitted to Google on the ...