Particle.news

Google Fixes Gemini Calendar Bug That Let Malicious Invites Hijack Data

Deployment of new safeguards follows a patch that closes a Calendar invite loophole exploited by prompt-injection attacks.

Overview

  • Google credited Ben Nassi’s team for responsibly disclosing a Calendar invite vulnerability that could hijack Gemini and leak sensitive user data.
  • The flaw allowed attackers to embed hidden instructions in event titles or beyond the five-event view in order to exfiltrate emails and calendar entries and to control smart-home devices.
  • Researchers demonstrated that routine prompts like “thanks” can trigger Gemini to execute malicious commands, underscoring the stealthy nature of promptware exploits.
  • Gemini’s integration across Gmail, Google Home, Android and Workspace magnifies the threat by giving the assistant broad cross-service permissions.
  • Security experts warn that traditional firewalls and antivirus tools cannot block prompt-injection attacks and recommend limiting AI assistant privileges and sanitizing inputs.