Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Although a researcher was able to demonstrate that Google Gemini could be tricked into giving users fake information like leading them to malicious websites, Google has said it doesn’t consider this ASCII smuggling attack a true security bug and it has no plans to issue a fix for the flaw.
As reported by BleepingComputer, the company dismissed the findings as being more of an issue of social engineering attacks than an actual security vulnerability.
ASCII smuggling is an attack style that uses special characters from the Tags Unicode block to introduce payloads that are invisible to users, but can still be detected and processed by large language models. – Essentially, this means that it hides letters, numbers or other characters to introduce malicious code to the AI assistant that users can’t see. LLMs have been vulnerable to ASCII smuggling attacks – and similar methods – for quite some time, however, the threat is now higher because agentic AI tools, like Gemini, have both widespread access to sensitive user data and can perform autonomous tasks.
According to the researchers “If users have LLMs connected to their inboxes, an email with hidden commands can instruct them [the AI] to search the inbox for sensitive items, send contact details and then turn a standard phishing attempt into an autonomous data extraction tool.” LLMs that have been told to browse websites could also potentially stumble onto hidden payloads in product descriptions and feed them with malicious URLs to feed back to users.
More from Tom's Guide
- Discord customer info stolen in data breach — how to stay safe
- Massive data leak just exposed the personal info of 6 million shoppers — how to stay safe
- Unity just patched a serious security flaw - update your games and apps now
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
