
Weaponized Invite Enabled Calendar Data Theft via Google Gemini


A vulnerability in Google’s AI assistant Gemini allowed attackers to leak a victim’s private meetings via Google Calendar events, cybersecurity firm Miggo reports.

The attack involved creating a malicious calendar event and sending an invite to the targeted user.

Using a payload in the Calendar event’s description, the indirect prompt injection attack bypassed Calendar’s privacy controls to access meeting data and create deceptive events without user interaction.

The attack, Miggo explains, abused Calendar’s integration with Gemini, where the AI functions as an assistant, parsing all event data, including titles, times, attendees, and descriptions.

“Because Gemini automatically ingests and interprets event data to be helpful, an attacker who can influence event fields can plant natural language instructions that the model may later execute,” Miggo notes.
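One defensive pattern against the ingestion path described above, as an added example (not Google's or Miggo's code, and not a description of any fix Google shipped): free-text fields from organizers outside the user's domain are kept out of the model context, and calendar write tools need user confirmation once such an event has been part of the session. The `Event` type, the tool names, the domain, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

USER_DOMAIN = "example.com"  # assumption: the calendar owner's own domain
WRITE_TOOLS = {"create_event", "update_event"}  # hypothetical tool names

@dataclass
class Event:  # hypothetical shape; mirrors the fields the article lists
    title: str
    start: str  # assumed already validated as a timestamp
    organizer: str
    description: str

def is_trusted(ev, domain=USER_DOMAIN):
    # Exact match on the organizer's domain; look-alike domains do not pass.
    return ev.organizer.lower().rsplit("@", 1)[-1] == domain

def build_context(events, domain=USER_DOMAIN):
    """Return (context_text, tainted) for the assistant prompt.

    Title and description of outside-organized events never reach the model;
    tainted records that such an event was part of this session.
    """
    lines, tainted = [], False
    for ev in events:
        if is_trusted(ev, domain):
            lines.append(f"- {ev.start} | {ev.title} | {ev.description}")
        else:
            tainted = True
            lines.append(f"- {ev.start} | [external invite, text withheld]")
    return "\n".join(lines), tainted

def authorize_tool_call(tool, tainted, user_confirmed=False):
    """Gate between model output and the calendar API (second layer)."""
    if tool in WRITE_TOOLS and tainted and not user_confirmed:
        return "needs_confirmation"
    return "allow"

# Constructed sample data; the second description stands in for a planted payload.
SAMPLE_EVENTS = [
    Event("Quarterly planning", "2026-01-20T10:00", "alice@example.com", "Room 4"),
    Event("Sync", "2026-01-21T09:00", "sender@outside.example",
          "<attacker-controlled text>"),
]

if __name__ == "__main__":
    context, tainted = build_context(SAMPLE_EVENTS)
    print(context)
    print(authorize_tool_call("create_event", tainted))
```

The withheld events can still be shown to the user directly in the calendar UI; the point is that their text is never interpreted by the model.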

The cybersecurity firm discovered it was possible to create a calendar description that would instruct Gemini to summarize a victim’s ...


Copyright of this story solely belongs to SecurityWeek.