
Critical Vulnerability in Gemini Function Could Enable Phishing Attacks


A significant vulnerability has been identified in the Gemini feature integrated into Gmail, which could be exploited by attackers to carry out phishing attacks through AI-generated email summaries. This was reported by BleepingComputer, citing 0DIN.

The vulnerability was discovered by Marco Figueroa, the manager of the GenAI Bug Bounty program at Mozilla. According to Figueroa, malicious actors can conceal instructions within the body of an email by formatting them in white and reducing the font size to zero, rendering the text invisible to humans but still readable by Gemini when it analyzes the message. Consequently, the AI may automatically insert false alerts into its summaries, such as fake password breach notifications accompanied by bogus support numbers.

While some users may disregard such messages, others could fall prey to the emotional manipulation of this content. Figueroa emphasizes that security teams should develop methods to detect hidden information and analyze the AI-generated summaries for the presence of URLs, phone numbers, or urgent messages.
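The two checks Figueroa recommends, detecting hidden text in the incoming mail and screening the generated summary for URLs, phone numbers and urgent wording, can be prototyped with nothing more than the Python standard library. The code below is an added example written for this article; it is not Google's, Gemini's or 0DIN's code. The sample email, the sample summary, the CSS-hiding heuristics, the phone-number pattern and the urgency word list are all constructed assumptions for illustration.

```python
"""Added example (not from the original article): two defensive checks.

  1. find_hidden_text()  - extracts text from an HTML email body whose inline
                           style would hide it from a human reader (zero font
                           size, white text, display:none, visibility:hidden).
  2. flag_summary()      - screens an AI-generated summary for the indicators
                           the article names: URLs, phone numbers, urgent words.

All heuristics and sample data below are constructed assumptions.
"""
import re
from html.parser import HTMLParser

# Inline-style patterns that make text invisible. Constructed heuristics;
# real mail clients accept many more variants (classes, stylesheets, 1px fonts).
HIDING_STYLES = [
    re.compile(r"font-size\s*:\s*0(?:px|pt|em|%)?(?![\d.])", re.I),
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    # (?<![\w-]) keeps "background-color: white" from matching as text colour
    re.compile(r"(?<![\w-])color\s*:\s*(?:white|#fff(?:fff)?|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))", re.I),
]

# Elements that never carry an end tag, so they must not touch the tag stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base",
             "col", "embed", "source", "track", "wbr"}


class HiddenTextExtractor(HTMLParser):
    """Collect text nodes that sit inside any element styled to be invisible."""

    def __init__(self):
        super().__init__()
        self._stack = []        # one bool per open tag: did it start hiding?
        self._hidden_depth = 0  # > 0 while inside at least one hidden element
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hides = any(p.search(style) for p in HIDING_STYLES)
        self._stack.append(hides)
        if hides:
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self._stack:
            return
        if self._stack.pop():
            self._hidden_depth -= 1

    def handle_data(self, data):
        if self._hidden_depth > 0 and data.strip():
            self.hidden.append(data.strip())


def find_hidden_text(html_body: str) -> list:
    """Return every stripped text chunk that a human reader would not see."""
    parser = HiddenTextExtractor()
    parser.feed(html_body)
    parser.close()
    return parser.hidden


# Indicators to look for in the summary the assistant produced.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# US-style numbers such as 1-800-555-0100 or (555) 555-0100; non-capturing
# groups so findall() returns whole matches.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}")
URGENCY_WORDS = ("immediately", "urgent", "password", "compromised",
                 "call", "verify", "suspended")


def flag_summary(summary: str) -> dict:
    """Return the URLs, phone numbers and urgency words found in a summary."""
    lowered = summary.lower()
    return {
        "urls": URL_RE.findall(summary),
        "phones": PHONE_RE.findall(summary),
        "urgency": [w for w in URGENCY_WORDS if re.search(rf"\b{w}\b", lowered)],
    }


def is_suspicious(summary: str) -> bool:
    """A contact channel, or two or more urgency cues, warrants a human look."""
    flags = flag_summary(summary)
    return bool(flags["urls"] or flags["phones"] or len(flags["urgency"]) >= 2)


# Constructed sample: a benign message carrying a hidden fake alert of the kind
# the article describes (white, zero-size text, fictional 555 number).
SAMPLE_EMAIL = """
<html><body>
<p>Hi team, attached are the Q3 numbers we discussed.</p>
<span style="font-size:0px;color:#ffffff">
Security alert: your password was compromised, call 1-800-555-0100 immediately.
</span>
<p>Best,<br>Dana</p>
</body></html>
"""

# Constructed sample of what a poisoned summary might look like.
SAMPLE_SUMMARY = ("Dana shared the Q3 numbers. Security alert: your password was "
                  "compromised, call 1-800-555-0100 immediately.")

if __name__ == "__main__":
    print("hidden text:", find_hidden_text(SAMPLE_EMAIL))
    print("summary flags:", flag_summary(SAMPLE_SUMMARY))
    print("suspicious:", is_suspicious(SAMPLE_SUMMARY))
```

Both checks are deliberately cheap so they can run at a mail gateway (on the raw HTML, before the assistant ever sees it) and again on the summary text afterwards. The hiding heuristics only cover inline styles; text hidden via CSS classes, external stylesheets, near-white colours or 1px fonts would slip past them, which is exactly why the second, content-based check on the summary is worth keeping as an independent layer.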

BleepingComputer reached out to Google regarding this vulnerability in Gemini. A spokesperson for the company responded that no evidence of abuse had been seen thus far, but added that Google is already working on protective measures and will implement additional security protocols soon.