
Researchers at Mozilla's 0Din have identified a significant vulnerability in Google's Gemini for Workspace, enabling attackers to embed invisible phishing prompts within emails that the AI interprets when generating summaries. This indirect prompt injection technique, utilizing hidden HTML and CSS, can bypass current Google defenses, tricking users into trusting fake security alerts or urgent instructions presented by Gemini. While Google is actively deploying updated safeguards and has not observed active exploitation, this development signals an evolving threat landscape where AI-integrated tools become a subtle yet potent vector for sophisticated social engineering attacks.
A significant cybersecurity vulnerability has been identified in Google's (GOOGL) Gemini for Workspace by researchers at Mozilla's 0Din, exposing a new vector for phishing attacks. The flaw enables attackers to use 'indirect prompt injection' by embedding hidden commands in emails using HTML and CSS; the commands are invisible to the user but are processed by Gemini's summarization feature. This can mislead the AI into generating fake security alerts or instructions that appear to originate from Google's trusted interface, creating a potent social engineering risk. While Google states it is deploying updated safeguards and has not observed active exploitation of this specific technique, the discovery highlights that its current defenses, in place since 2024, can be bypassed. This incident underscores a material risk in the rapid deployment of generative AI into enterprise software, demonstrating that even sophisticated models from industry leaders are susceptible to novel attacks that exploit the inherent trust users place in AI-integrated tools.
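The defensive counterpart to the technique described above is to separate what a human reader would see from what the model would ingest before an email is summarized. The following is an added example written for this page, not code from Google, Mozilla or 0Din; it uses only the Python standard library, the hiding rules it checks (display:none, visibility:hidden, zero font size, zero opacity) are a constructed starting point rather than a complete list, and the sample email is constructed.

```python
import re
from html.parser import HTMLParser

# Inline styles that make text invisible to a reader while it stays in the
# markup an AI summarizer receives. Constructed, non-exhaustive rule set.
HIDDEN_STYLE_RE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$)"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)",
    re.IGNORECASE,
)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "embed", "source", "wbr"}

class HiddenTextFilter(HTMLParser):
    """Split text nodes into 'visible' and 'hidden' based on ancestor styles.
    Assumes reasonably well-formed markup (matched open/close tags)."""
    def __init__(self):
        super().__init__()
        self.stack = []    # one flag per open element: is this subtree hidden?
        self.visible = []  # text a human reader sees
        self.hidden = []   # text only the model would see

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hidden = tag in ("style", "script") or bool(HIDDEN_STYLE_RE.search(style))
        parent_hidden = self.stack[-1] if self.stack else False
        self.stack.append(parent_hidden or hidden)  # hiding is inherited

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self.stack and self.stack[-1] else self.visible).append(text)

def split_visible_hidden(html):
    """Return (visible text for the summarizer, list of hidden segments to flag)."""
    p = HiddenTextFilter()
    p.feed(html)
    p.close()
    return " ".join(p.visible), p.hidden

# Constructed sample email: two segments a reader would never see.
SAMPLE_EMAIL = (
    "<html><body><p>Hi team, the Q3 report is attached.</p>"
    "<div style=\"display:none\">[constructed hidden segment 1]</div>"
    "<p style='font-size:0px;color:#fff'>[constructed hidden segment 2]</p>"
    "<p>Regards, Alice</p></body></html>"
)
```

Feed only the visible text to the summarizer and treat a non-empty hidden list as a signal to quarantine or flag the message; text hidden by colour matching or off-screen positioning needs a renderer-aware check that this stylesheet-only filter does not attempt.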