Latest news with #GoogleGeminiforWorkspace
&w=3840&q=100)
Business Standard
5 days ago
- Business Standard
Gmail's Gemini-powered summaries may expose users to security risks: Report
Google has been gradually integrating new AI capabilities into its mobile Gmail app. In June, it introduced a feature powered by Gemini that generates summaries of emails and lengthy threads. According to a report by The Indian Express, a recently uncovered security flaw indicates that these AI-generated summaries can be misused to display harmful instructions and embed links to malicious websites. Indian Express cites Marco Figueroa, GenAI Bug Bounty Programs Manager at Mozilla, stating that a security researcher uncovered a prompt injection flaw in Google Gemini for Workspace, which let attackers 'hide malicious instructions inside an email' that triggered when users clicked the 'Summarise this email' button in Gmail. Attack through Gemini: How does this work As per the report, hackers found a way to hide secret instructions in emails that trick Google's Gemini AI. They did this by placing hidden text at the end of the email using HTML and CSS, making the font size zero and the colour white so it could not be seen. Because these emails do not contain attachments, they can easily pass through Google's spam filters and reach users' inboxes. When someone opens the email and clicks 'Summarise this email' using Gemini, the AI follows the hidden commands without knowing they are harmful. Mozilla's Marco Figueroa explained how such prompt injections can be detected with: Gemini can be updated to ignore or remove hidden text in emails. Google can use a post-processing filter to scan Gemini's output for: Urgent messages, Phone numbers, Suspicious links. These flagged elements can then be reviewed for potential threats. Google has reportedly issued a statement to BleepingComputer, stating, 'We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attack." The company representative clarified to BleepingComputer that some of the mitigations are in the process of being implemented or are about to be deployed. The report further states that Google has seen no evidence of incidents manipulating Gemini in the way demonstrated in Figueroa's report.
Indian Express
6 days ago
- Indian Express
Gmail's AI email summaries can be hacked to redirect users to phishing sites
Google has been steadily adding new AI features to the mobile Gmail app. Earlier this year, in June, the company rolled out a new feature that used Gemini to show a summarised version of emails or long threads. While the functionality is useful, a newly found security flaw suggests that Gmail's AI email summaries can be exploited to show harmful instructions and inject links to malicious websites. According to Mozilla's GenAI Bug Bounty Programs Manager, Marco Figueroa, a security researcher demonstrated how a prompt injection vulnerability in Google Gemini for Workspace allowed hackers to 'hide malicious instructions inside an email', which were activated when users clicked on the 'Summarize this email' option in Gmail. The process involved threat actors creating an email with invisible instructions for Gemini that were hidden in the body at the end of the message using HTML and CSS by setting the font size to zero and changing the text colour to white. As there are no attachments in these emails, the message is highly likely to bypass Google's spam filters and reach the target's inbox. When the recipient opened their email and asked Gemini to generate a summarised version of the email, the AI tool was found to obey these hidden instructions. These malicious instructions caused Gmail to show a phishing warning, which looked like it came from Google itself. Since the warning is coming from Gemini itself, many users won't even think twice about it, which is what makes the exploit very dangerous. Figueroa also shares some ways in which these injection prompts can be detected and dealt with. One way is that Gemini can either remove or ignore the content hidden in the body text. Alternatively, Google can also use a post-processing filter that scans Gemini's output for things like urgent messages, phone numbers and URLs and flags them for further review. When BleepingComputer asked Google about the security exploit and how it plans to prevent such attacks, a company spokesperson said that some mitigations were in place and others were being implemented. The tech giant also said that, as of now, there are no hackers using this trick in real-world attacks, but the research does show that it's possible to do so. Google may be very good at finding and fixing such security loopholes, but threat actors are usually known for thinking one step ahead. We suggest users not to blindly trust any AI-generated email summaries and check links and emails before clicking on them.
Tom's Guide
14-07-2025
- Tom's Guide
Google Gemini for Workspace has been exploited to send emails with hidden malicious messages
A flaw in Google Gemini for Workspace can be exploited by hackers to insert malicious instructions that could misdirect the AI tool and cause it to direct users to phishing sites. As reported by Bleeping Computer, this vulnerability works by creating email summaries that look entirely normal, but include malicious instructions or warnings that are hidden and automatically obeyed by Gemini when it generates a message summary. The process works by creating an email that holds an invisible directive for Gemini, by hiding instructions in the body text at the end of the message using HTML and CSS code then setting the font size to zero and the color to white. Since this additional text doesn't include any attachments or links, it won't be flagged or caught by the best antivirus software or email programs so it is likely to make it through to a potential victim's inbox. When a target opens an email, then requests that Gemini summarizes the contents, the AI program will automatically obey the hidden instructions that it sees. Users often put their trust into Gemini's ability to work with content as part of Workspace; the alert is considered a legitimate warning instead of a malicious injection. Similar attacks have been reported over the last year, though safeguards have been implemented in order to block the misleading responses, the technique has remained successful overall which is why it is still in use. Bleeping Computer says that when they asked Google about defenses to counter these types of attacks, a spokesperson referenced a blog post about prompt injection attacks and said that some of the mitigations are in the process of being implemented or are about to be deployed. Google also said it has no evidence that this attack has occurred in the wild. Figueroa, the manager at Mozilla's GenAI Bug Bounty Program who detected the flaw, offers a few ideas to prevent this threat: have security teams remove, naturalize or ignore content styled to be hidden in body text. Alternatively, implement filters that scan Gemini for urgent messages, URLs, phone numbers and flag those for additional review from users. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. For now though, you just need to be careful when having Gemini summarize your emails as you never know what could be hiding inside them. Hopefully, Google rolls out a fix for this new type of attack sooner rather than later.
