Google's artificial intelligence suite Gemini has been impacted by three security flaws, which could be harnessed to facilitate log and data compromise via indirect prompt injection, SiliconANGLE reports.First of the now addressed "Gemini Trifecta" vulnerabilities is an issue in Gemini Cloud Assist, which could be leveraged to enable the poisoning of log data with illicit payloads that could lead to phishing link generation and sensitive cloud asset querying, according to a Tenable analysis.On the other hand, exploitation of the Gemini Search Personalization Model bug could allow clandestine injections into Chrome search history that could result in outputting links with personal information and other private details. Meanwhile, threat actors could abuse the Gemini Browsing Tool defect to create seemingly legitimate prompts in a bid to covertly obtain sensitive data from targeted devices.Such findings should prompt organizations to adopt input sanitization, context validation, and routine prompt injection resilience testing across their AI-powered platforms.
AI/ML, Vulnerability Management
Trio of Google Gemini vulnerabilities uncovered
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds