A critical vulnerability has been identified within the Gemini function integrated into Gmail, allowing hackers to execute phishing attacks through artificially generated email summaries. This was reported by BleepingComputer, citing information from 0DIN.

The vulnerability was discovered by Marco Figueroa, manager of the GenAI Bug Bounty program at Mozilla. Figueroa explains that attackers can conceal malicious instructions within the email body by formatting them in white and reducing the font size to zero, making the text invisible to users but detectable by Gemini's AI. As a result, the AI may automatically include false alerts in the summaries, such as bogus password breach notifications, along with fake support numbers.

While some users may ignore such messages, others could fall victim to the emotional manipulation of this content. Figueroa emphasizes that security teams should develop methods for detecting hidden information and analyze AI-generated summaries for any URLs, phone numbers, or urgent messages.

BleepingComputer reached out to Google regarding this vulnerability in Gemini. A company representative stated that there has been no evidence of abuse so far but added that Google is actively working on protective measures and will soon implement additional security protocols.