There is a new warning relating to the AI chatbot “Gemini” that is integrated into Gmail, as a security researcher has proved that you can trick the chatbot using a technique called “prompt injection” that displays harmful and fake messages to Gmail users, without them realizing it.
Marco Figueroa, who heads a GenAI Bug Bounty Program run by Mozilla, was the researcher who found and demonstrated this issue, and he reported the finding though Mozilla’s AI bug bounty platform 0din. According to him, the chatbot in Gmail that can summarize emails and rewrite messages can be compromised using hidden commands.
What we see in this instance is called “prompt injection.” This is an attack on AI tools that works by sending the AI language models it uses specific hidden commands; it causes it to behave or respond in an alternative or dangerous manner when used. In this instance, it was “indirect” prompt injection— the hacker was not directly communicating with the AI, the hidden prompts would be in a email, document, or webpage.
Figueroa shared how he wrote a lengthy email, embedding the prompt injection text secretly at the bottom of the email. This didn’t have any links or files attached, allowing it to slip by spam filters and into the user’s active inbox.
As if that were not bad enough, the hidden portion could even be made to be invisible to the naked eye. The attacker could employ white text on a white background, highlight the text with CSS that reduced the font size to zero pixels, or use HTML to move it off the visible part of the screen.
Thus, when a user clicked the Gemini “Summarize Email” feature, the chatbot read the email (including the hidden portion) and executed the hidden command without the user ever having seen that this command
existed.
Figueroa also noted that the likelihood of Gemini executing the command increased, the more the attacker wrapped the commands in meta tags such as “admin,” as these tags made the command stand out as being important to the AI.
In one experiment, the researcher demonstrated that Gemini summarized the email with the attacker’s hidden message incorporated. As the summary was provided from Gemini—a well-regarded Google tool—users might be more inclined to trust it and take the scam actions.
Also Read: Best 12GB RAM Smartphones For 2025 In India
Bleeping Computer reached out to Google for a statement. A company representative said they have not yet observed any legitimate cases where this twist has been used against users. Google remarked that they are already working on safety measures to prevent a prompt injection attack.
This discovery indicates a need for more safety precautions around using AI tools in everyday applications like Gmail, as even the smartest systems can be tricked in creative ways.
Share
Vivo T4R 5G Slimmest Quad-Curved Display Phone To Launch Soon In India
Ravi Teja's Father Passes Away at 90
