
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Researchers found Google's Gemini for Workspace AI assistant vulnerable to indirect prompt injection, allowing attackers to embed malicious instructions in emails or documents. This can manipulate AI outputs, potentially leading to phishing attacks or misleading messages. Google was notified but dismissed the issue as intended behavior, leaving users at risk.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google Gemini for Workspace) that is susceptible to indirect prompt injection attacks, which manipulate the AI's outputs in ways that could mislead users or facilitate phishing attacks. This constitutes a direct or indirect cause of harm to users' security and privacy, fitting the definition of an AI Incident due to violations of user rights and potential harm to individuals. The fact that the vulnerability has been exploited in proofs-of-concept and reported to Google, with no remediation, confirms the realized risk rather than a mere potential hazard.[AI generated]