Gemini AI assistant tricked into leaking Google Calendar data
BleepingComputer • • technology
Key Points:
- Researchers at Miggo Security discovered a prompt injection attack that exploits Google Gemini, allowing attackers to leak private Calendar data by embedding malicious instructions in event descriptions.
- The attack activates when a victim asks Gemini about their schedule, causing the assistant to summarize private meetings and create a new event containing sensitive information visible to event participants.
- Gemini's natural language processing and event data ingestion enable attackers to bypass Google's isolated model designed to detect malicious prompts, as the injected instructions appear harmless.
- This vulnerability persists despite previous defenses implemented after a similar 2025 attack, highlighting ongoing challenges in securing AI systems that interpret ambiguous natural language inputs.
- Miggo has shared the findings with Google, which has introduced new mitigations, while researchers emphasize the need
