Google Gemini AI Exploited via Calendar Invite Prompt Injection to Control Smart Devices

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Researchers demonstrated that Google's Gemini AI assistant can be hijacked through prompt injection attacks embedded in calendar invites or emails. This exploit enabled unauthorized access to users' emails, location tracking, and control of smart home devices, highlighting significant privacy and physical security risks. Google has since implemented mitigations.[AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions an AI system (Google's Gemini AI assistant) being exploited to take control of smart home devices, which constitutes a direct link between the AI system's malfunction or misuse and potential harm. The unauthorized control of smart home devices can lead to harm to property or communities, fulfilling the criteria for an AI Incident. The harm is realized or at least demonstrated by the successful hack, not just a theoretical risk, so this is not merely a hazard or complementary information.[AI generated]
AI principles
Privacy & data governanceRobustness & digital securitySafetyRespect of human rightsDemocracy & human autonomy

Industries
Consumer servicesDigital security

Affected stakeholders
Consumers

Harm types
Human or fundamental rights

Severity
AI incident

AI system task:
Interaction support/chatbots


Articles about this incident or hazard