Zak Doffman, Contributor
2025-07-14 01:16:00
www.forbes.com
If you see this, it’s an attack.
Google warns Gmail users to beware “a new wave of threats” that exploit AI upgrades to attack users. This includes “indirect prompt injections,” with “malicious instructions [hidden]
within external data sources,” visible to your AI tools but not to you.
A new warning has just been issued for Gmail users, showing this threat in action, putting users at risk as Google’s fast-paced AI upgrades open new attack surfaces. Just as with other deployments, it is proving alarmingly easy to trick AI into hacking users.
The warning via 0din, Mozilla’s zero-day investigative network, follows a researcher “demonstrating a prompt-injection vulnerability in Google Gemini for Workspace that allows a threat-actor to hide malicious instructions inside an email.”
If an attacker hides prompts within an email, when a user clicks “summarize this email” using one of Gmail’s recent AI uplifts, “Gemini faithfully obeys the hidden prompt and appends a phishing warning that looks as if it came from Google itself.”
In this proof, the prompt was hidden using a white-on-white font that means the users would never see it for themselves. But Gemini sees it just fine. “Similar indirect prompt attacks on Gemini were first reported in 2024, and Google has already published mitigations, but the technique remains viable today.”
Beware this hidden Gmail threat.
Gmail users need to ignore any Google warnings within AI summaries — it’s not how Google issues user warnings. 0din advises security teams to “train users that Gemini summaries are informational, not authoritative security alerts” and to “auto-isolate emails containing hidden or
As I have warned before, this is a much wider threat. “Prompt injections are the new email macros, 0din says, and this latest proof of concept “shows that trustworthy AI summaries can be subverted with a single invisible tag.”
0din says that “until LLMs gain robust context-isolation, every piece of third-party text your model ingests is executable code,” which means much tighter controls.
Whether it’s abuse of user-facing AI tools or hijacking AI to design or even execute the attacks themselves, it’s clear that the game has now changed irreversibly.
If you ever see any security warning in a Gmail email summary that purports to come from Google, you should delete the email as it actually contains hidden AI prompts that represent a threat to you, your devices and your data.
Google warns “as more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures.”
Enhance your driving experience with the P12 Pro 4K Mirror Dash Cam Smart Driving Assistant, featuring Front and Rear Cameras, Voice Control, Night Vision, and Parking Monitoring. With a 4.3/5-star rating from 2,070 reviews and over 1,000 units sold in the past month, it’s a top-rated choice for drivers. The dash cam comes with a 32GB Memory Card included, making it ready to use out of the box. Available now for just $119.99, plus a $20 coupon at checkout. Don’t miss out on this smart driving essential from Amazon!
Help Power Techcratic’s Future – Scan To Support
If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.
As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!
|
BITCOIN
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge Scan the QR code with your crypto wallet app |
|
DOGECOIN
D64GwvvYQxFXYyan3oQCrmWfidf6T3JpBA Scan the QR code with your crypto wallet app |
|
ETHEREUM
0xe9BC980DF3d985730dA827996B43E4A62CCBAA7a Scan the QR code with your crypto wallet app |
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.
