Researchers Find Hackers Can Hide AI Prompt Attacks in Compressed Images

Researchers have discovered a new way hackers can manipulate AI by hiding malicious instructions inside images. According to the cybersecurity research blog Trail of Bits, they could conceal text within pictures that becomes readable only after the image is compressed—a process many platforms use to reduce file size. Once visible to the AI system, this text can be interpreted as instructions, leading the model to perform actions the user never asked for.

Compressing an image can create artifacts that AI tools interpret as readable text. To a human, the original image looks no different than before; when uploaded to a system like Google's Gemini or Android's circle-to-search tool, the backend compresses the file before it is processed. Then, the hidden words show up, and the AI may act on them. In tests, compressed images instructed Gemini to send calendar data to a third party.

This demonstrates how ...