A recent investigation has exposed vulnerabilities in Google’s Gemini for Workspace, revealing that the AI assistant is prone to indirect prompt injection attacks. These security flaws could enable malicious actors to manipulate the assistant into generating inaccurate or deceptive responses, raising concerns about the reliability and trustworthiness of the information produced by Gemini.
Integrated into various Google products like Gmail, Google Slides, and Google Drive, Gemini for Workspace is designed to enhance productivity with AI-driven tools. However, Hidden Layer researchers demonstrated proof-of-concept attacks showing that these vulnerabilities can be exploited to compromise the assistant’s output.
One of the most alarming risks involves phishing attacks. For instance, attackers could craft harmful emails that, when processed by Gemini for Workspace, prompt the assistant to generate misleading alerts, such as false claims about compromised passwords, directing users to visit malicious websites.
The threat extends beyond Gmail. In Google Slides, attackers can inject harmful content into speaker notes, leading Gemini to include unintended information—like song lyrics—in its summaries. The issue also impacts Google Drive, where attackers can cross-inject malicious documents, further compromising the integrity of Gemini’s responses.
Despite these risks, Google has classified these issues as “Intended Behaviors,” indicating they do not consider them security vulnerabilities. Nevertheless, the potential for manipulation in sensitive contexts emphasizes the need for caution when using AI-driven tools like Gemini.
As Google rolls out Gemini for Workspace to more users, addressing these vulnerabilities is crucial to maintain the assistant’s accuracy and security.