Google recently patched multiple vulnerabilities in its Gemini AI assistant that could have allowed attackers to manipulate the system for data theft and malicious activities. The attacks involved indirect prompt injection techniques targeting various Google Cloud services and features, raising concerns about AI and cloud security risks. #Gemini #Tenable
Keypoints
- Researchers at Tenable uncovered three distinct attack methods exploiting Geminiβs features.
- The first attack involved manipulating log analysis via indirect prompt injection on Gemini Cloud Assist.
- Multiple Google Cloud services, including Cloud Functions and API Gateway, were vulnerable to unauthenticated requests.
- The second attack used search history as a vector to inject malicious prompts into user browsing data.
- The third attack exploited Geminiβs browsing tool to exfiltrate sensitive data via web page summarization.
Read More: https://www.securityweek.com/google-patches-gemini-ai-hacks-involving-poisoned-logs-search-results/