Overview
- Google confirmed a patch for the calendar invite vulnerability disclosed by SafeBreach researchers in August
- The flaw allowed hidden indirect prompt injections in event titles to enter Gemini’s context and trigger unauthorized actions
- Demonstrations by SafeBreach and Tel Aviv University showed promptware can exfiltrate emails, commandeer smart-home devices, and hijack Zoom calls
- Google is deploying multi-layer defenses including model hardening, purpose-built ML detectors, URL sanitization, and extra confirmations for sensitive tasks
- Security experts caution that indirect prompt-injection threats persist and recommend limiting AI assistants’ access to sensitive data and services
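As an added example (not code from Google, SafeBreach or the Tel Aviv University team), the following hypothetical guard shows how the defensive layers listed above fit together for an untrusted calendar field: stripping invisible characters that hide injected text, sanitizing URLs against an assumed allow-list, and routing anything that reads as an instruction or names a sensitive action to explicit user confirmation rather than execution. The regexes, the allow-list and the sample invite text are constructed assumptions.

```python
import re
import unicodedata
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical pre-processing guard for untrusted calendar fields (title, description)
# before they are placed in an assistant's context. Patterns and the host allow-list
# are constructed for illustration; they are not Google's actual detectors.
ALLOWED_HOSTS = {"calendar.google.com", "meet.google.com"}  # assumed allow-list
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
INSTRUCTION = re.compile(
    r"\b(ignore|disregard|forget)\b.{0,40}\b(instructions?|rules|prompts?)\b"
    r"|\byou (must|should|are now)\b", re.I | re.S)
SENSITIVE = re.compile(r"\b(forward|send|delete|share|unlock|turn (on|off)|join)\b", re.I)


@dataclass
class Verdict:
    cleaned: str                      # text handed to the model, delimited as data
    findings: list[str] = field(default_factory=list)
    needs_confirmation: bool = False  # any implied action goes to the user first


def screen_event_field(text: str) -> Verdict:
    findings: list[str] = []
    # 1. Drop Unicode format characters (zero-width space, BOM, soft hyphen, ...)
    #    that can hide injected text from the person reading the invite.
    visible = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    if len(visible) != len(text):
        findings.append("hidden_chars")
    visible = unicodedata.normalize("NFKC", visible)

    # 2. URL sanitization: keep allow-listed hosts, replace everything else.
    def sanitize(m: re.Match) -> str:
        host = (urlparse(m.group(0)).hostname or "").lower()
        if host in ALLOWED_HOSTS:
            return m.group(0)
        findings.append(f"url_removed:{host}")
        return "[link removed]"
    visible = URL.sub(sanitize, visible)

    # 3. Flag instruction-like phrasing; invite data should never read as a command.
    instruction_like = INSTRUCTION.search(visible) is not None
    if instruction_like:
        findings.append("instruction_like")

    # 4. Instructions or sensitive verbs from untrusted data require confirmation.
    needs_conf = instruction_like or SENSITIVE.search(visible) is not None
    return Verdict(f"<calendar_data>{visible}</calendar_data>", findings, needs_conf)
```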