
New research by Trail of Bits reveals a critical "image-scaling prompt injection" vulnerability impacting Google's Gemini and other production AI systems, including Google Assistant. The exploit leverages how AI pipelines downscale images: malicious instructions hidden in an image become visible only at the model's input resolution. This enables unauthorized data exfiltration (demonstrated by extracting Google Calendar data via the Gemini CLI) and sensitive tool actions. The systemic exposure highlights a fundamental security flaw in which the input the user sees differs from the data the model ingests, posing significant risks for AI deployments and necessitating immediate architectural and procedural mitigations.
New research from Trail of Bits has identified a significant cybersecurity vulnerability, termed "image-scaling prompt injection," impacting core Alphabet (GOOGL) AI products including Gemini and Google Assistant. This exploit allows malicious instructions, hidden within seemingly benign images, to be activated when the AI system's pipeline downscales the image for processing. This creates a critical disconnect between the user-facing input and the model-ingested data, leading to unauthorized actions. The research demonstrated a practical data exfiltration attack, where Google Calendar data was stolen via the Gemini CLI using a permissive third-party tool configuration. The vulnerability is systemic, affecting not only the Gemini web interface and API but also Vertex AI and third-party applications, underscoring a fundamental security flaw in common image processing workflows used across the industry. The strongly negative sentiment score of -0.75 for GOOGL reflects the severity of this issue, which strikes at the trust and security necessary for the enterprise adoption and monetization of Google's strategic AI initiatives.
Overall Sentiment: strongly negative
Sentiment Score: -0.70