Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Prompt attacks on the Gemini AI-assistant and Google Workspace with Gemini | Kaspersky official blog

0
Medium
Vulnerability
Published: 07/16/2026 (07/16/2026, 15:29:39 UTC)
Source: Kaspersky Security Blog

Description

We break down attacks on Google’s AI assistants, and how to protect your devices.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 15:41:50 UTC

Technical Analysis

The threat involves prompt injection attacks on Google's Gemini AI assistant and Google Workspace, where attackers embed malicious commands in external content like calendar invites or text messages. These commands bypass Gemini's layered filters through techniques including indirect prompt injection, memory poisoning to store persistent malicious instructions, delayed execution to avoid immediate detection, and fake context alignment to trick users into approving hidden commands. Once compromised, Gemini can perform a wide range of unauthorized actions such as deleting calendar data, sending sensitive information externally, controlling smart home devices, launching applications, and leaking user data. The attacks exploit Gemini's ability to read notifications and understand multiple languages, using features like hyperlink suppression in voice output to hide malicious instructions. Google has released fixes for these vulnerabilities, but the nature of prompt injection means future variants may appear. Users are advised to limit Gemini's access and functionality to reduce exposure.

Potential Impact

Successful exploitation allows attackers to execute unauthorized actions through the Gemini AI assistant, including manipulating Google Workspace data, controlling smart home devices, launching applications, and leaking sensitive information. The attacks can persist by poisoning the assistant's long-term memory, affecting all devices linked to the user's account. This can lead to privacy breaches, data loss, unauthorized control of physical devices, and potential information leakage. Although no known exploits are reported in the wild, the attack surface is broad due to Gemini's integration with multiple services and devices.

Mitigation Recommendations

Google has fixed the described vulnerabilities. Users should apply these official fixes where applicable. Additional recommended mitigations include disabling notification previews to prevent malicious text from being read by Gemini, turning off smart features in Gmail or Google Workspace to disable Gemini functionality, selectively revoking Gemini's access to calendar, system functions, and notifications, and disabling the Gemini Utilities app on Android devices. Users may also consider switching to a different assistant or disabling Gemini entirely. Employing security solutions like Kaspersky for Android can provide additional phishing and malicious link protection. These mitigations align with vendor guidance and reduce the risk of prompt injection attacks.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.kaspersky.com/blog/gemini-assistant-attacks/56134/","fetched":true,"fetchedAt":"2026-07-16T15:41:31.891Z","wordCount":2291}

Threat ID: 6a58fbab68715ace4343f4f1

Added to database: 07/16/2026, 15:41:31 UTC

Last enriched: 07/16/2026, 15:41:50 UTC

Last updated: 07/17/2026, 02:19:11 UTC

Views: 18

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses