Why Google Won't Fix a Major Gmail Security Vulnerability

  • 📰 ForbesTech

Security researchers revealed that Google's Gemini AI, integrated into Workspace products, is vulnerable to indirect prompt injection attacks. These attacks can affect platforms like Gmail, Google Slides, and Google Drive, enabling phishing and manipulation. Despite the potential for significant harm, Google has classified this as an 'Intended Behavior' and refused to address it.

Gmail users love the smart features that make using the world’s most popular email provider with 2.5 billion accounts such a breeze. The introduction of Gemini AI for Workspace, covering multiple Google products, only moved usability even further up the email agenda.

But, as security researchers confirmed security vulnerabilities and demonstrated how attacks could occur across platforms like Gmail, Google Slides, and Google Drive, why did Google decide this was not a security issue and issue a “Won’t Fix (Intended Behavior)” ticket? I’ve been digging with the help of Google, and here’s what I’ve found and you need to know.

… a second wave of attacks targeting Gmail users. But one technical security analysis caught my attention from earlier in the year that left me wondering just why one problem with potentially devastating security consequences was seemingly not being addressed: “Gemini is susceptible to indirect prompt injection attacks,” the report stated, illustrating just how these attacks “can occur across platforms like Gmail, Google Slides, and Google Drive, enabling phishing attempts and behavioral manipulation of the chatbot.”

Jason Martin and Kenneth Yeung, the security researchers involved in writing the detailed technical analysis, said that, as part of the responsible disclosure process, “this and other prompt injections in this blog were reported to Google, who decided not to track it as a security issue and marked the ticket as a Won’t Fix (Intended Behavior).”

… I thought it was worth talking to my contacts at Google as I dug deeper into what was going on here.

… but here’s the security issue in as small a nutshell as I could get to fit. Like most large language models, Google’s Gemini AI is susceptible to what are known as indirect prompt injection attack
