Google issues red alert as new cyber attack targets Gmail users using AI with ‘indirect prompt injections’ | Trending

Google, which has 1.8 billion Gmail users worldwide, recently issued a serious warning about a new kind of cybersecurity threat linked to advances in artificial intelligence, reported Men’s Journal.

Google alerted everyone about a new type of cyberattack called “indirect prompt injections.”

Also Read: ₹300 crore fine in Australia for doing this ‘deal’ in mobiles”>Google to pay around ₹300 crore fine in Australia for doing this ‘deal’ in mobiles

Google warns of wave of new threats

This threat affects not just people but also businesses and governments. In a detailed blog post, Google explained the danger, “With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections.”

The difference with this attack is that instead of directly putting harmful commands into the AI prompt, hackers hide malicious instructions inside things like emails, documents, or calendar invites. These hidden commands can make the AI leak user data or do other bad things, the post explained.

Google warned that this threat puts everyone at risk. “As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures,” the blog added.

Hackers use Google AI Gemini to steal passwords

Tech expert Scott Polderman said hackers are using Google’s AI assistant, Gemini, to steal user information. Hackers send emails with hidden commands that make Gemini reveal passwords without the user knowing, as reported by The Mirror report.

This warning comes as more people use AI for personal things like dating and relationship advice. Scott said this scam is different from older ones because it’s “AI against AI” and could cause more attacks like this.

He explained that these hidden commands trick the AI into working against itself, making users accidentally give away their login details.

Scott also pointed out that there’s no link to click for the scam to work, it happens when Gemini itself shows a message warning users they are at risk.

He reminded everyone that Google has said it will never ask for login details or alert users about fraud through Gemini.