Edgar Cervantes / Android Authority
TL;DR
- A security researcher found that Gemini is susceptible to ASCII smuggling attacks.
- These attacks hide malicious prompts in emails or calendar invites that LLMs can read when asked to summarize text.
- Google has dismissed the threat as a social engineering attack, placing the responsibility on the end user.
Google tends to take the security of its users seriously, implementing a range of measures to keep its products safe to use. In fact, that’s part of the thought process behind the company’s crackdown on sideloading apps from unverified developers on Android. But it looks like the company isn’t too concerned about fixing an issue that makes Gemini susceptible to a troubling type of cyber threat.
Don’t want to miss the best from Android Authority?
According to Bleeping Computer, security researcher Viktor Markopoulos tested some of the most popular LLMs against ASCII smuggling attacks. Markopoulos found that Gemini, DeepSeek, and Grok were susceptible to this type of cyberattack. However, Claude, ChatGPT, and Copilot had protections, proving these options to be secure.
If you’re unfamiliar with this type of cyber threat, ASCII smuggling involves “smuggling” (hiding) a prompt for an AI to read. For example, the bad actor could write a secret prompt in an email in the smallest font size available, and the victim would be none the wiser. If the victim were to ask an AI tool, like Gemini, to summarize the text in the message, the AI would also read this covert prompt.
There are a few reasons why something like this is problematic. For example, the prompt could tell the AI to search your inbox for sensitive information or send contact details. Considering that Gemini is now integrated with Google Workspace, this issue poses an even higher risk.
Markopoulos reportedly reached out to Google with this discovery. He even went as far as to provide a demonstration where he passed on an invisible instruction to Gemini. The AI ended up getting tricked into sharing a malicious site for a good-quality, discounted phone. However, it’s reported that Google dismissed the issue as not a security bug, but rather a social engineering tactic. Essentially, the company is saying that the onus falls on the end user.
Given the response, it sounds like Google has no plans to patch this Gemini security problem.
Thank you for being part of our community. Read our Comment Policy before posting.
