Serious Google Gemini flaw: it obeys hidden prompts in malicious emails

Prompt injection lets instructions hidden with CSS hijack Google Gemini for Workspace.

Security firm 0din demonstrated that attackers can hide malicious prompts in emails by using white text and zero-size CSS to trick Google Gemini for Workspace into generating fake security alerts and directing users to call scam numbers. Gemini faithfully executes embedded instructions because it does not authenticate or isolate prompts from benign content during summarization, leaving features like Docs and Drive likewise vulnerable. Researchers classify the risk as moderate but warn organisations to treat AI assistants as part of their attack surface, sandbox third-party inputs, and apply strong context isolation until a permanent fix is confirmed.

Read more:

https://cybernews.com/security/malicious-emails-poisoning-google-gemini/
