mashable.com
Google’s Gemini AI, despite recent updates, faces a critical privacy flaw identified by Miggo Security researchers. Hackers can exploit this via a technique called “Indirect Prompt Injection” using a simple Google Calendar invite. The attack tricks Gemini into summarizing a user’s private meetings, creating a new calendar event with that sensitive data, and displaying it to the attacker. While the user sees a “free time slot,” their private schedule is compromised. Researchers warn this vulnerability is not unique to Gemini and urge AI developers to implement stricter intent attribution to prevent such exploits.
Read More
