Google's Gmail Warning—If You See This, You're Being Hacked

Forbes, 15 hours ago
If you see this, it's an attack.
Google warns Gmail users to beware 'a new wave of threats' that exploit AI upgrades to attack users. This includes 'indirect prompt injections,' with 'malicious instructions [hidden]
A new warning has just been issued for Gmail users, showing this threat in action, putting users at risk as Google's fast-paced AI upgrades open new attack surfaces. Just as with other deployments, it is proving alarmingly easy to trick AI into attacking users.
The warning via 0din, Mozilla's zero-day investigative network, follows a researcher 'demonstrating a prompt-injection vulnerability in Google Gemini for Workspace that allows a threat-actor to hide malicious instructions inside an email.'
If an attacker hides prompts within an email, when a user clicks 'summarize this email' using one of Gmail's recent AI uplifts, 'Gemini faithfully obeys the hidden prompt and appends a phishing warning that looks as if it came from Google itself.'
In this proof, the prompt was hidden using a white-on-white font that means the users would never see it for themselves. But Gemini sees it just fine. 'Similar indirect prompt attacks on Gemini were first reported in 2024, and Google has already published mitigations, but the technique remains viable today.'
Beware this hidden Gmail threat.
Gmail users need to ignore any Google warnings within AI summaries — it's not how Google issues user warnings. 0din advises security teams to 'train users that Gemini summaries are informational, not authoritative security alerts' and to 'auto-isolate emails containing hidden or elements with zero-width or white text.'
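One way a mail gateway could implement the "auto-isolate" check 0din recommends, as an added example that is not from the article, 0din or Google; the style rules, function names and sample messages are assumptions constructed here.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from a human reader. This rule list is an
# assumption for the example, not 0din's or Google's detection logic.
HIDDEN_STYLE = [
    ("white-text", re.compile(r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b)", re.I)),
    ("zero-size", re.compile(r"font-size\s*:\s*0+(?:\.0+)?(?![\d.])", re.I)),
    ("not-rendered", re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)),
]
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "col", "area", "base"}

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []     # (tag, reasons) for every open element
        self.findings = []  # (reason, text) pairs

    def handle_starttag(self, tag, attrs):
        if tag in VOID:     # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        self.stack.append((tag, [n for n, rx in HIDDEN_STYLE if rx.search(style)]))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy email markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        hits = [r for _, reasons in self.stack for r in reasons]  # from open ancestors
        if ZERO_WIDTH.search(text):
            hits.append("zero-width-char")
        self.findings.extend((r, text) for r in hits if text)

def scan_email_html(html):
    """Return (reason, text) pairs for text a reader would not see."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed samples, not taken from a real message.
SAMPLE_HIDDEN = '<p>Hello</p><span style="font-size:0;color:#fff">constructed hidden text</span>'
SAMPLE_CLEAN = '<p style="background-color:white;color:#333">Lunch at noon?</p>'
```

A non-empty result is a reason to quarantine the message for review rather than proof of an attack, since zero-width joiners and white text on dark backgrounds also occur in legitimate mail.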
As I have warned before, this is a much wider threat. 'Prompt injections are the new email macros,' 0din says, and this latest proof of concept 'shows that trustworthy AI summaries can be subverted with a single invisible tag.'
0din says that 'until LLMs gain robust context-isolation, every piece of third-party text your model ingests is executable code,' which means much tighter controls.
Whether it's abuse of user-facing AI tools or hijacking AI to design or even execute the attacks themselves, it's clear that the game has now changed irreversibly.
If you ever see any security warning in a Gmail email summary that purports to come from Google, you should delete the email as it actually contains hidden AI prompts that represent a threat to you, your devices and your data.
Google warns 'as more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures.'