Google’s AI assistant has a problem, and the company doesn’t seem too bothered about fixing it. Security researcher Viktor Markopoulos from FireTail recently discovered that Gemini is vulnerable to something called ASCII smuggling attacks, but when he reported it to Google, the tech giant basically shrugged it off.
Put simply, here’s how it works. Attackers can hide invisible instructions in places like emails or calendar invites using special characters that you can’t see, but Gemini can definitely read. Think of it like writing a secret message in invisible ink that only the AI can detect. When you ask Gemini to summarize an email or check your calendar, it picks up these hidden commands and follows them without you knowing.
This gets pretty scary when you consider that Gemini now connects with Google Workspace. Someone could send you what looks like a normal calendar invite, but buried in there are invisible instructions telling Gemini to dig through your inbox for passwords, financial information, or sensitive files.
The AI could even be tricked into sending your contact details elsewhere, essentially turning a simple phishing email into an automated data theft machine.
Markopoulos tested several popular AI tools and found that ChatGPT, Claude, and Microsoft’s Copilot have protections against this type of attack. Gemini, along with DeepSeek and Grok, doesn’t. He even demonstrated how easy it is by getting Gemini to recommend a potentially malicious website for buying phones.
When Markopoulos reported this to Google in September, the company dismissed it as a social engineering issue rather than a real security bug. Translation: they’re putting the responsibility on users to spot these attacks themselves, rather than building in protections like their competitors have done.
Amazon has already published security guidelines about this exact type of vulnerability, but Google appears content to leave Gemini exposed.
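One way an application could screen text before handing it to an assistant, shown as an added example that is not from the article, FireTail, or any vendor. It assumes the "special characters" are Unicode Tags-block code points (U+E0000 to U+E007F), the usual carrier for ASCII smuggling; the function names and the sample invite are constructed for illustration.

```python
import unicodedata

# Assumption: the hidden characters are from the Unicode Tags block, whose
# code points mirror ASCII at an offset of 0xE0000 and render as nothing.
TAG_START, TAG_END = 0xE0000, 0xE007F


def inspect_text(text):
    """Return (visible, hidden_ascii, other_invisible) for a piece of text."""
    visible, hidden, other = [], [], []
    for ch in text:
        cp = ord(ch)
        if TAG_START <= cp <= TAG_END:
            # Recover the ASCII character a Tags-block code point stands for.
            if 0xE0020 <= cp <= 0xE007E:
                hidden.append(chr(cp - TAG_START))
        elif unicodedata.category(ch) == "Cf":
            # Other format characters (zero-width space, bidi marks, ...).
            other.append(f"U+{cp:04X}")
        else:
            visible.append(ch)
    return "".join(visible), "".join(hidden), other


def sanitize_for_model(text):
    """Strip invisible characters and report what was removed.

    Caveat: some emoji (subdivision flags, ZWJ sequences) and some scripts
    use these characters legitimately, so a deployment may need an allow-list.
    """
    visible, hidden, other = inspect_text(text)
    return {
        "clean": visible,
        "flagged": bool(hidden or other),
        "hidden_text": hidden,
        "other_invisible": other,
    }


# Constructed sample: an invite title carrying a benign hidden string.
_HIDDEN = "example hidden text"
SAMPLE_INVITE = (
    "Team sync, Thursday 10:00"
    + "".join(chr(TAG_START + ord(c)) for c in _HIDDEN)
    + "\u200b"
)

if __name__ == "__main__":
    print(sanitize_for_model(SAMPLE_INVITE))
```

Passing only the `clean` field to the model, and surfacing `hidden_text` to the user or a log, makes the text the assistant reads match the text the person sees.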
Via: BleepingComputer