Google Calendar invites let researchers hijack Gemini to leak user data

SafeBreach researchers discovered a critical vulnerability in Google's Gemini AI assistant that allowed attackers to remotely hijack the system through malicious calendar invites.

The attack exploited prompt injection techniques embedded in Google Calendar event titles to compromise Gemini without requiring any user interaction beyond normal assistant usage. When users asked Gemini about their calendar events, the AI would process the malicious prompts as legitimate instructions, treating hostile commands as part of regular conversation flow.

• Attackers could exfiltrate email content, calendar information, track user locations, and control smart home devices through Google Home integration
• The vulnerability bypassed existing prompt filtering and protection measures, demonstrating sophisticated evasion capabilities
• Google has since patched the issue following responsible disclosure, implementing new safeguards to defend against similar adversarial attacks
• The attack highlights ongoing security challenges with AI assistants that have broad system permissions across multiple Google services