Gmail's Gemini vulnerable to phishing attacks, research reveals
Heads up if you use Gmail's Gemini AI!
A security researcher found that hackers could trick Gemini into summarizing fake or misleading emails using a technique called prompt injection.
This means scammers don't even need sketchy links or attachments—their messages just look more legit in your inbox summaries.
Google says there haven't been any real cases yet, but they're already working on fixes.
How the attack works
Marco Figueroa, who spotted the flaw through Mozilla's bug bounty program, showed that attackers can hide secret commands in emails using invisible text (like white font on a white background).
When Gemini processes these sneaky emails—especially ones marked as important—it might accidentally follow those hidden instructions and make phishing attempts seem more convincing.
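Since the hidden instructions rely on text a human reader never sees, a practical defence is to strip invisible content from the email before any AI summarizer gets to read it, and to flag messages that contained such content. The following Python pre-filter is an added example written for this page; it is not code from the researcher, Mozilla or Google. It assumes the mail client renders on a white background (so white text with no stated background counts as hidden), uses only the standard library, and every function and sample message here is constructed for illustration.

```python
"""Pre-filter for an email-summarization pipeline (added example).

Splits an HTML email body into the text a human recipient would see and the
text that CSS makes invisible (white-on-white, font-size 0, display:none,
visibility:hidden, opacity 0). Only the visible part should be handed to a
summarizer; any hidden part is a signal worth alerting on.
Assumption: messages render on a white background.
"""
import re
from html.parser import HTMLParser

# Inline-style fragments that make text invisible to a human reader.
HIDDEN_STYLE_PATTERNS = (
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    re.compile(r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I),
    re.compile(r"(?<![\w-])opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)", re.I),
)
WHITE = re.compile(r"^(?:white|#fff(?:fff)?|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))$", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col"}


def style_hides_text(style: str) -> bool:
    """True if an inline style string renders the element's text invisible."""
    if any(p.search(style) for p in HIDDEN_STYLE_PATTERNS):
        return True
    # White text on a white background, or on no stated background
    # (assumed white, see module docstring). The lookbehind keeps
    # "background-color" from being read as "color".
    color = re.search(r"(?<![\w-])color\s*:\s*([^;]+)", style, re.I)
    background = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style, re.I)
    if color and WHITE.match(color.group(1).strip()):
        return background is None or bool(WHITE.match(background.group(1).strip()))
    return False


class HiddenTextScanner(HTMLParser):
    """Collects visible and hidden text runs while parsing an HTML body."""

    def __init__(self):
        super().__init__()
        self._stack = []   # (tag, hidden?) for each currently open element
        self.visible = []
        self.hidden = []

    def _currently_hidden(self) -> bool:
        # Hidden styling on any ancestor hides the text.
        return any(hidden for _, hidden in self._stack)

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hidden = tag in ("script", "style") or style_hides_text(style)
        self._stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy email HTML.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden if self._currently_hidden() else self.visible).append(text)


def scan_email_html(html: str) -> dict:
    """Return visible text, the hidden runs found, and a flag for alerting."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return {
        "visible": " ".join(scanner.visible),
        "hidden": scanner.hidden,
        "flag": bool(scanner.hidden),
    }


def summarizer_input(html: str) -> str:
    """The only text a summarizer should receive: what the recipient sees."""
    return scan_email_html(html)["visible"]


# Constructed sample message for this example; the hidden sentences are
# placeholders, not real attacker content.
SAMPLE_EMAIL = (
    "<html><body>"
    "<p>Hi, your invoice for May is attached. Thanks!</p>"
    "<span style='color:#FFFFFF;background-color:#ffffff'>"
    "This sentence is hidden with white-on-white styling.</span>"
    "<div style='display:none'>This sentence is hidden with display:none.</div>"
    "<p>Regards,<br>Accounts</p>"
    "</body></html>"
)

if __name__ == "__main__":
    report = scan_email_html(SAMPLE_EMAIL)
    print("flagged:", report["flag"])
    print("hidden runs:", report["hidden"])
    print("summarizer sees:", summarizer_input(SAMPLE_EMAIL))
```

Run on the constructed sample, the scan flags the message, reports the two hidden runs, and leaves the summarizer with only the greeting and signature. The style checks are deliberately conservative: they cover the white-on-white trick the researcher describes plus the common CSS hiding properties, but they do not attempt to interpret stylesheets in `<style>` blocks or colours that are merely close to white, so a production filter should treat this as one signal among several rather than a complete guard.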
Google is aware and stepping up its security game to keep users safer.