Google Gemini flaw allows hackers to deceive email summaries
Security researchers have discovered a critical flaw in Google Gemini for Workspace that enables cybercriminals to insert malicious commands within email content. By using hidden HTML and CSS instructions, attackers can create fake alerts prompting users to call fake numbers or visit phishing sites, potentially leading to data theft. This vulnerability affects various Google Workspace services, emphasizing the need for businesses to enhance security measures and user awareness.

Security researchers have discovered a critical flaw in Google Gemini for Workspace that enables hackers to insert malicious commands within email content.
The attack involves embedding hidden HTML and CSS instructions in the email body, which Gemini processes when it generates an email summary instead of presenting the email's actual content.
Attackers utilize invisible text styling like white-on-white fonts or zero font size to include fake alerts that seem to come from Google.
When users use Gemini's 'Summarise this email' feature, these concealed instructions prompt deceptive alerts encouraging users to dial fake numbers or visit phishing websites, potentially compromising sensitive data.
Unlike traditional scams, no links, attachments, or scripts are required—only carefully crafted HTML within the email body. The vulnerability extends beyond Gmail to impact Docs, Slides, and Drive, sparking concerns of AI-driven phishing attacks and self-replicating 'AI worms' across Google Workspace services.
Experts recommend that businesses implement inbound HTML checks and LLM firewalls, and train users to treat AI summaries as purely informational. They urge Google to sanitise incoming HTML, enhance context attribution, and provide visibility for hidden alerts processed by Gemini.
Security teams are reminded that AI tools are now part of the attack surface and should be monitored accordingly.
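One way to implement the inbound HTML check recommended above, as an added example that is not code from the researchers or from Google: a Python scanner that reports text inside elements styled with zero font size or white font colour. The rule names, the `find_hidden_text` function and the sample email body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns for the two hiding tricks the article names (assumed rule set).
HIDING_RULES = {
    "zero-font-size": re.compile(r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$|!)", re.I),
    "white-text": re.compile(r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))", re.I),
}
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "col", "wbr"}  # never closed

# Constructed sample email body (not taken from a real message).
SAMPLE = (
    '<div><p>Hi team, the Q3 report is attached.</p>'
    '<span style="font-size:0">CONSTRUCTED hidden instruction text</span>'
    '<p style="color:#ffffff;background-color:#ffffff"><b>second hidden block</b></p>'
    '<p style="font-size:10px;background-color:white">visible footer</p></div>'
)


class HiddenTextFinder(HTMLParser):
    """Collects text that sits inside an element styled to be invisible."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # one entry per open element: matched rule name or None
        self.findings = []   # (rule, text) pairs in document order

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            self.stack.append(next((n for n, rx in HIDING_RULES.items() if rx.search(style)), None))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        active = [r for r in self.stack if r]  # a hidden ancestor hides its children too
        if text and active:
            self.findings.append((active[-1], text))


def find_hidden_text(html_body):
    """Return (rule, text) pairs for text a reader would not see but a summariser would."""
    finder = HiddenTextFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings
```

The check is a heuristic: white text on a dark background is legitimate, and styles applied through classes or `<style>` blocks are not inspected, so findings are better routed to quarantine or review than to automatic deletion.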
According to the source: Digital Watch Observatory.