Recent research has uncovered serious vulnerabilities in Google’s Gemini for Workspace, an AI assistant integrated across various Google services. These weaknesses make the assistant susceptible to prompt injection attacks, allowing malicious actors to manipulate its output and potentially generate misleading or harmful responses. This raises significant concerns about the security and trustworthiness of AI-powered tools, especially in environments that rely on accurate and reliable information.

Gemini for Workspace is designed to enhance productivity by incorporating AI-powered tools into platforms like Gmail, Google Drive, and Google Slides. However, researchers from Hidden Layer have demonstrated that this versatile assistant is vulnerable to indirect prompt injection attacks, which could be exploited to disrupt the integrity of its outputs. Attackers may use these weaknesses to compromise the assistant’s performance, generating unintended responses that could deceive users.

 Phishing and Payload Injection

One of the most alarming aspects of these vulnerabilities is their potential to facilitate phishing attacks. For instance, attackers could craft malicious emails that trigger Gemini for Workspace to display false alerts, such as warnings about compromised passwords, with deceptive instructions that lead users to malicious websites. This tactic can extend to other Google services as well. In Google Slides, researchers have shown how attackers can embed harmful content in speaker notes, leading the assistant to generate summaries with inappropriate or unintended content, such as song lyrics or misleading information.

The vulnerabilities are not confined to a single Google product. In Google Drive, Gemini for Workspace operates similarly to a RAG (Retrieve, Augment, Generate) instance. This means attackers could potentially manipulate the assistant’s outputs by injecting malicious payloads into shared documents. When the assistant interacts with these files, it could produce compromised or inaccurate information, putting users at risk of interacting with manipulated content.

 Google’s Response and the Importance of Vigilance

Despite the serious implications of these discoveries, Google has classified these vulnerabilities as “intended behaviors,” indicating that the company does not see them as traditional security threats. However, the potential impact on users—particularly in cybersecurity contexts where accuracy and trust are critical—cannot be overlooked. 

These findings underscore the need for increased caution when using LLM-powered tools like Gemini for Workspace. Users should remain vigilant, especially when dealing with sensitive or high-risk information. Given the potential for document manipulation and phishing vulnerabilities, it is essential to take proactive steps to protect against malicious actors seeking to exploit these weaknesses.

As Google continues to roll out Gemini for Workspace to its global user base, addressing these vulnerabilities should be a priority to safeguard the integrity and security of the information generated by this AI assistant.