Researchers have discovered a security flaw that allowed Google’s Gemini AI assistant to be hijacked through malicious Google Calendar invites, potentially leaking sensitive user data and controlling smart devices without permission.
The attack worked by hiding specific instructions inside event titles. When Gemini was asked about a user’s schedule, it would unknowingly follow these hidden commands, which could include reading emails, tracking locations, starting video calls, deleting events, or changing smart home settings.
The technique, known as indirect prompt injection, did not require hacking into Gemini’s systems. Researchers demonstrated 14 different attack scenarios, such as opening window shutters or turning on a boiler, all triggered by seemingly harmless user interactions. In one case, a simple “thanks” was enough to activate the malicious instructions.
Google was notified of the vulnerability in February 2025 and has since implemented new protections, including prompt detection, output filtering, and extra confirmation steps before sensitive actions.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
