Google fixed a critical zero-click security flaw in Gemini Enterprise that allowed silent data exfiltration via indirect prompt injection. The vulnerability exploited trust boundaries in AI-driven search, highlighting the need for enhanced AI security measures. #GeminiJack #NomaSecurity
Keypoints
- Researchers at Noma Security discovered the GeminiJack vulnerability in Google's AI tools.
- The flaw enabled silent exfiltration of sensitive data through indirect prompt injection.
- Attackers created poisoned documents that triggered data extraction without user interaction.
- Google responded by separating Vertex AI Search from Gemini Enterprise and issuing patches.
- Experts warn that broader AI access privileges could lead to new exfiltration attacks, urging better security practices.
Read More: https://thecyberexpress.com/google-geminijack-zero-click-data-leak/