Overview
- Miggo Security showed that a Google Calendar invite carrying natural‑language instructions could induce Gemini to create a new event that contains summaries of a user’s private meetings.
- The payload remained dormant until the user asked Gemini about availability or schedules, at which point the assistant parsed the invite and executed the hidden instructions.
- Exfiltrated details could include meeting titles, times, attendees, locations, descriptions, and internal project names, creating opportunities for targeted phishing.
- The researchers disclosed the issue to Google, which implemented new mitigations to block similar attacks, while one outlet reported Google confirmed and eradicated the vulnerability.
- The attack bypassed Gemini’s separate malicious‑prompt detector by appearing innocuous, echoing a 2025 SafeBreach demo, and researchers urged context‑aware defenses plus practical steps like disabling auto‑add and restricting event detail visibility.
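One shape a context-aware defense of the kind the researchers call for could take, as an added example that is not Miggo's or Google's code: an inbound check that flags invite text addressed to the assistant rather than to a human attendee, and an outbound check that flags a newly created event whose text reproduces the titles of other events on the same calendar (the exfiltration pattern above). The `Event` class, the regex and the thresholds are constructed assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Event:
    """Minimal stand-in for a calendar event (constructed, not the Calendar API)."""
    title: str
    description: str = ""
    attendees: list = field(default_factory=list)


# Phrases that read as instructions to an assistant rather than meeting notes
# (constructed heuristic; a real deployment would tune and extend it).
_INSTRUCTION_RE = re.compile(
    r"\b(ignore|disregard)\b.{0,40}\binstructions\b"
    r"|\bwhen (the |a )?user asks\b"
    r"|\bcreate (a |an )?(new )?(calendar )?event\b"
    r"|\bsummari[sz]e\b.{0,40}\b(meetings|events|calendar)\b",
    re.IGNORECASE | re.DOTALL,
)


def _norm(s: str) -> str:
    return re.sub(r"\s+", " ", s).strip().lower()


def looks_like_instruction(invite: Event) -> bool:
    """Inbound check: does the invite's text look like instructions to the assistant?"""
    return bool(_INSTRUCTION_RE.search(invite.title + "\n" + invite.description))


def leaked_titles(new_event: Event, calendar: list, min_hits: int = 2) -> list:
    """Outbound check: which existing event titles are reproduced verbatim inside
    a newly created event? Returns [] unless at least min_hits titles appear, so a
    single genuine follow-up reference is not flagged."""
    haystack = _norm(new_event.title + " " + new_event.description)
    hits = [ev.title for ev in calendar
            if len(_norm(ev.title)) >= 6 and _norm(ev.title) in haystack]
    return hits if len(hits) >= min_hits else []


def is_exfil_event(new_event: Event, calendar: list) -> bool:
    """True when a new event aggregates other events' titles, as in the attack above."""
    return bool(leaked_titles(new_event, calendar))
```

The inbound check is the one to run before an invite's text ever reaches the model; the outbound check is a cheap audit of event writes the assistant makes on the user's behalf.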