Google Patches Critical Gemini AI Vulnerabilities

Google's Gemini AI suite faced serious vulnerabilities. Now patched, the incident serves as a reminder to enterprises to monitor AI-driven features for signs of manipulation and data theft.

Google has patched three critical vulnerabilities in its Gemini AI suite, which could have allowed attackers to manipulate the assistant and extract user information. The issues affected Gemini Cloud Assist, Gemini Search Personalisation Model, and Gemini's Browsing Tool.

The first vulnerability, in Gemini Cloud Assist, allowed attackers to inject poisoned log entries, influencing Gemini's behaviour or attempting cloud resource access. In the Gemini Search Personalisation Model, attackers could insert queries into a victim's Chrome search history, exposing saved data and location information. The third issue, in the Gemini Browsing Tool, enabled attackers to trick the tool into sending hidden outbound requests to attacker-controlled servers, with private information embedded in them.

Infiltration could occur through indirect prompt injection, where attacker-controlled content is silently pulled into Gemini's context, and tool execution provides a pathway for attackers to embed sensitive information into outbound requests.

Enterprises are advised to treat AI-driven features as active attack surfaces. Regular audits of logs, search histories, and integrations should be conducted to detect signs of manipulation or poisoning. Monitoring for unusual outbound requests is crucial, as such activity could indicate attempts at data exfiltration.
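The outbound-request monitoring advised above can be sketched as a filter over egress proxy logs. This is an added example, not Google's detection logic or code from the article; the log layout, the `ai-browse-tool` source label, the allowlist and the thresholds are assumptions, and the sample lines are constructed.

```python
import math
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumptions, not from the article: log layout, source label, allowlist, thresholds.
ALLOWED_HOSTS = {"docs.example.com"}   # destinations the tool is expected to reach
AI_SOURCES = {"ai-browse-tool"}        # hypothetical label for AI tool egress
MAX_QUERY_LEN = 200                    # query strings longer than this are unusual
MIN_VALUE_LEN = 24                     # ignore short parameter values
ENTROPY_BITS = 4.0                     # bits/char threshold for encoded-looking values

# Constructed sample lines: "<timestamp> <source> <method> <url>"
SAMPLE_LOG = [
    "2025-01-01T10:00:01Z ai-browse-tool GET https://docs.example.com/guide?page=2",
    "2025-01-01T10:00:05Z ai-browse-tool GET https://collector.invalid/p?d=aB3dE6gH9jK2mN5pQ8sT1vW4yZ7cF0hL",
    "2025-01-01T10:00:09Z ai-browse-tool GET https://news.invalid/story?id=42",
    "2025-01-01T10:00:12Z workstation-7 GET https://collector.invalid/p?d=aB3dE6gH9jK2mN5pQ8sT1vW4yZ7cF0hL",
    "2025-01-01T10:00:15Z ai-browse-tool GET https://tracker.invalid/c?x=" + "a" * 250,
    "truncated line",
]

def shannon_entropy(text):
    """Bits per character; high values suggest base64/hex-style encoded payloads."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def flag_exfil_candidates(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (timestamp, host, reasons) for AI-tool requests worth reviewing."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] not in AI_SOURCES:
            continue                   # malformed line or not AI-tool traffic
        timestamp, _source, _method, url = parts
        parsed = urlsplit(url)
        if parsed.hostname is None or parsed.hostname in allowed_hosts:
            continue
        reasons = []
        if len(parsed.query) > MAX_QUERY_LEN:
            reasons.append("long-query")
        for name, value in parse_qsl(parsed.query, keep_blank_values=True):
            if len(value) >= MIN_VALUE_LEN and shannon_entropy(value) >= ENTROPY_BITS:
                reasons.append(f"encoded-parameter:{name}")
        if reasons:
            findings.append((timestamp, parsed.hostname, reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_exfil_candidates(SAMPLE_LOG):
        print(finding)
```

Short requests to unlisted hosts are deliberately not flagged, since a browsing tool reaches many destinations; the thresholds need tuning against real traffic before alerting on them.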

Google has remediated the vulnerabilities, and no action is required from end users. However, this incident serves as a reminder that routine AI features can serve as entry points for attackers, turning normal functionality into potential vulnerabilities. Enterprises should remain vigilant and proactive in protecting their AI-driven systems.
