Gmail's AI email summaries vulnerable to phishing attacks

Technology Jul 16, 2025

Hackers have found a way to sneak invisible instructions into emails, fooling Gmail's Gemini-powered summaries.
These hidden prompts make fake alerts look legit, slipping past existing security measures and traditional spam filters.

How attackers are manipulating the AI

Attackers use sneaky tricks like white-on-white text, zero-size fonts, or invisible characters—so you never see the instructions, but Gemini's AI does.
This means you could get a summary that sounds trustworthy but is actually misleading or risky.

What experts say

Experts say it's smart to be skeptical of AI-generated email summaries for now.
Double-check anything that seems off, don't click sketchy links, and turn on advanced email filters if you can.
Staying alert helps keep your inbox—and your info—safe.