A flaw in Google Gemini for Workspace can be exploited by hackers to insert malicious instructions that could misdirect the AI tool and cause it to direct users to phishing sites.
As reported by Bleeping Computer, this vulnerability works by creating email summaries that look entirely normal, but include malicious instructions or warnings that are hidden and automatically obeyed by Gemini when it generates a message summary.
The process works by creating an email that holds an invisible directive for Gemini, by hiding instructions in the body text at the end of the message using HTML and CSS code then setting the font size to zero and the color to white. Since this additional text doesn’t include any attachments or links, it won’t be flagged or caught by the best antivirus software or email programs so it is likely to make it through to a potential victim's inbox.
When a target opens an email, then requests that Gemini summarizes the contents, the AI program will automatically obey the hidden instructions that it sees. Users often put their trust into Gemini’s ability to work with content as part of Workspace; the alert is considered a legitimate warning instead of a malicious injection.
Figueroa, the manager at Mozilla’s GenAI Bug Bounty Program who detected the flaw, offers a few ideas to prevent this threat: have security teams remove, naturalize or ignore content styled to be hidden in body text. Alternatively, implement filters that scan Gemini for urgent messages, URLs, phone numbers and flag those for additional review from users.
More from Tom's Guide
- Nearly 2 million people hit by malicious Chrome installations that can track you — what to do now
- This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don’t fall for this
- New Android attack could trick you into compromising your own phone — everything you need to know
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
