Particle.news

Google Reinforces Gemini Defenses After Calendar Invite Promptware Attack

New AI-driven detection of hidden commands blocks indirect prompt injections that could hijack smart home devices.

Overview

  • At Black Hat USA, researchers from Tel Aviv University, Technion, and SafeBreach Labs publicly demonstrated “Invitation Is All You Need,” a method of embedding malicious instructions in Google Calendar invites to coerce Gemini into controlling lights, blinds, thermostats, boilers, and Zoom calls.
  • Google has rolled out layered safeguards for Gemini-powered assistants, including output filtering, robust URL sanitization policies, explicit user confirmations for sensitive actions, and AI classifiers to detect suspect prompts.
  • Security teams originally disclosed the calendar-based vulnerabilities to Google in February, and the company accelerated broader defenses against prompt injection and related AI-agent exploits.
  • Experts warn that as generative AI assistants gain deeper links to personal data and IoT ecosystems, indirect prompt injection and other promptware threats are likely to persist without continuous oversight and secure design.
  • In a separate Black Hat presentation, researchers revealed an indirect prompt injection flaw in OpenAI’s ChatGPT Connectors that extracted Google Drive API keys, leading OpenAI to introduce mitigations earlier this year.