Cybersecurity researchers have successfully demonstrated how Google’s Gemini AI assistant can be manipulated to control smart home devices, without the user realising it. As first reported by Wired, the exploit used a method called indirect prompt injection, embedded within Google Calendar invites.
When the user asked Gemini to summarise their calendar and responded with a simple “thank you,” the malicious prompt triggered hidden instructions. These commands were then interpreted by Google’s Home AI agent, leading to actions like opening windows or turning off lights.
The vulnerability was disclosed to Google in February, ahead of a live demonstration at the Black Hat cybersecurity conference. Andy Wen, senior director of security product management for Google Workspace, acknowledged the issue in a conversation with Wired.
Wen said real-world prompt injection attacks are still “exceedingly rare” but admitted they are hard to defend against, given the growing complexity of large language models. “It’s going to be with us for a while,” he said, adding that Google has taken the findings “extremely seriously” and is accelerating efforts to develop stronger defences.