- by x32x01 ||
Google has issued a red alert to its 1.8 billion Gmail users due to a new cyberattack technique: Indirect Prompt Injections.Here’s how it works:
Attackers embed hidden commands inside emails using invisible text (e.g., white on white, zero-size fonts). When you hit “Summarize this email” in Google Gemini, the AI doesn’t just read it-it executes it.
That means:• Fake but highly convincing security alerts.
• Password reset warnings that aren’t real.
• Subtle nudges to hand over sensitive data.
The scariest part? No links, no shady attachments… just invisible instructions aimed at the AI.
It’s not the human that gets tricked-it’s Gemini itself.
Protection tips:• Don’t blindly trust AI email summaries.
• Always verify sensitive messages manually.
• Delete suspicious emails immediately.
Sources:- https://www.tomshardware.com/tech-i...malicious-instructions-hidden-inside-an-email
- https://www.techradar.com/pro/secur...isplay-fake-email-summaries-in-phishing-scams
- https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/