A recently discovered vulnerability in Google Gemini’s AI-powered Gmail summaries exposes users to a new breed of phishing attacks. Hackers can exploit Gemini’s summarization feature by embedding invisible text in emails using HTML and CSS. While these hidden messages are not visible to users, Gemini processes them and can summarize malicious instructions as part of its output. One documented attack involved the AI-generated summary warning users of a compromised Gmail password and providing a fraudulent support number. Google has acknowledged the risk but claims no evidence of active exploitation and says it is rolling out further security measures. Security experts recommend filtering out hidden text and monitoring AI outputs for suspicious content. For end users, heightened skepticism toward urgent AI-generated warnings is advised, especially if the summary content doesn’t align with the visible email.

Key Points: - Gemini’s Gmail summarization can be manipulated via invisible text, enabling prompt injection attacks. - Attackers bypass traditional spam filters by avoiding links and attachments, increasing inbox delivery rates. - Malicious summaries may include urgent warnings and fake support numbers, mimicking official Google alerts. - Google is enhancing defenses against such attacks but recommends vigilance. - Security teams should filter hidden text and flag summaries with suspicious elements.