Google Gemini AI Vulnerable to ASCII Smuggling Attacks, No Fix Planned

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Security researchers discovered that Google's Gemini AI is vulnerable to ASCII smuggling attacks, where invisible Unicode characters are used to embed hidden commands in text. This flaw enables identity spoofing, data poisoning, and potential data breaches, especially within Google Workspace. Google has declined to patch the vulnerability, increasing user risk. [AI generated]

Why's our monitor labelling this an incident or hazard?

The event involves an AI system (Google Gemini) that is vulnerable to a specific attack method (ASCII smuggling) that can cause the AI to act on hidden malicious commands, leading to potential harm such as data theft or phishing. This is a direct harm linked to the AI system's malfunction or misuse. Despite Google's dismissal, the demonstrated exploit and its potential consequences meet the criteria for an AI Incident because the AI system's use has directly led to a security flaw that can harm users. Therefore, this event is classified as an AI Incident. [AI generated]

AI principles
Privacy & data governance, Robustness & digital security, Accountability, Safety, Respect of human rights

Industries
IT infrastructure and hosting, Digital security

Affected stakeholders
Consumers, Business

Harm types
Human or fundamental rights, Economic/Property

Severity
AI incident

Business function:
Other

AI system task:
Content generation, Interaction support/chatbots


Articles about this incident or hazard

Researcher finds security flaw in Gemini -- but Google says it's not fixing it

2025-10-09
Tom's Guide
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google Gemini) that is vulnerable to a specific attack method (ASCII smuggling) that can cause the AI to act on hidden malicious commands, leading to potential harm such as data theft or phishing. This is a direct harm linked to the AI system's malfunction or misuse. Despite Google's dismissal, the demonstrated exploit and its potential consequences meet the criteria for an AI Incident because the AI system's use has directly led to a security flaw that can harm users. Therefore, this event is classified as an AI Incident.

Gemini has a known vulnerability, and Google is leaving it alone

2025-10-09
Android Police
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google's Gemini) and a discovered exploit that directly enables harmful outcomes such as misinformation and potential exposure of confidential data, which constitute harm to communities and possibly breach of obligations to protect privacy and information security. The exploit has been demonstrated and is not hypothetical, indicating realized risk. Google's refusal to patch the vulnerability means the harm is ongoing or likely to occur. Therefore, this qualifies as an AI Incident because the AI system's use and malfunction (failure to sanitize inputs) have directly led to significant harm risks.

Google Ignores Hidden Gemini AI Exploit That Lets Hackers Control Text

2025-10-09
Tech Times
Why's our monitor labelling this an incident or hazard?
The article explicitly identifies an AI system (Google's Gemini) and a specific vulnerability in its text interpretation engine that can be exploited to manipulate its outputs via invisible commands. This manipulation can lead to false or unexpected results affecting emails, calendar events, and other integrated services, which constitutes harm to users and communities through misinformation and potential data compromise. Google's refusal to patch the vulnerability despite its security implications means the AI system's malfunction or design flaw is a contributing factor to the harm. The exploit has been demonstrated and is not merely theoretical, indicating realized harm or at least a direct pathway to harm. Hence, this event meets the criteria for an AI Incident rather than a hazard or complementary information.

Gemini Vulnerability Exposes Users to Hidden Command Attacks -- Google Refuses Fix - Research Snipers

2025-10-09
Research Snipers
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google's Gemini) whose malfunction (failure to sanitize hidden commands) directly leads to harms including unauthorized manipulation of user data and potential scams, which constitute harm to users and communities. The vulnerability has been exploited or is exploitable in real scenarios, indicating realized or ongoing harm. Therefore, this qualifies as an AI Incident because the AI system's use and malfunction have directly led to significant harms. The refusal to fix the vulnerability exacerbates the risk and impact.

ASCII Smuggling Defense: Gemini's Powerful and Revolutionary AI Protection Against Hidden Threats in 2025

2025-10-09
TechGenyz
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google Gemini) whose use is directly linked to a security vulnerability that can cause harm by enabling hidden instructions to manipulate AI outputs and automated actions. This manipulation can lead to violations of trust, potential data breaches, and operational disruptions, which are harms to communities and property. The article details realized risks and ongoing security concerns rather than hypothetical future risks, and it discusses mitigation strategies rather than just potential hazards. Therefore, the event meets the criteria for an AI Incident rather than an AI Hazard or Complementary Information.

Google's Gemini AI Hit by ASCII Smuggling Vulnerability, No Patch Planned

2025-10-09
WebProNews
Why's our monitor labelling this an incident or hazard?
An AI system (Google's Gemini AI) is explicitly involved, and the vulnerability directly relates to how the AI processes input, enabling malicious actors to exploit it to leak sensitive data. This constitutes a direct or indirect harm to property and potentially to individuals' privacy and organizational security, fitting the definition of an AI Incident. The harm is realized or at least ongoing because the vulnerability can be exploited to cause data breaches. The company's refusal to patch the issue does not negate the harm; rather, it underscores the incident's significance. Therefore, this event qualifies as an AI Incident.

Google Refuses to Fix Critical 'ASCII Smuggling' Flaw in Gemini AI, Models from OpenAI, Microsoft, Anthropic Appear Safe - WinBuzzer

2025-10-08
WinBuzzer
Why's our monitor labelling this an incident or hazard?
The event involves a malfunction or misuse of an AI system (Google Gemini) that has directly led to realized harms including identity spoofing, data poisoning, and potential data breaches. The AI system processes hidden Unicode characters that humans cannot see, leading to execution of malicious commands without user awareness. This constitutes a violation of security and privacy rights, and harm to users and enterprises. The refusal to patch the vulnerability exacerbates the risk and harm. Competitors have mitigated similar issues, highlighting the negligence in addressing this AI-related security flaw. Therefore, this qualifies as an AI Incident due to direct harm caused by the AI system's vulnerability and its exploitation.

ASCII Smuggling Attack Lets Hackers Manipulate Gemini to Deliver Smuggled Data to Users

2025-10-08
Cyber Security News
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Gemini LLM) explicitly mentioned as vulnerable to ASCII Smuggling attacks that exploit invisible Unicode characters to manipulate AI outputs. The attack leads to direct harms such as identity spoofing, delivery of malicious links, and content poisoning, which can harm users and enterprises. The AI system's malfunction in processing raw input without normalization is a direct cause of these harms. The disclosure and lack of remediation further emphasize the ongoing risk. Hence, this qualifies as an AI Incident due to realized harms linked to the AI system's use and malfunction.

Google: No fixes slated for Gemini ASCII smuggling attack

2025-10-09
SC Media
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google's Gemini chatbot) and a security vulnerability that could be exploited to cause harm through social engineering attacks and data extraction. Although no actual harm is reported as having occurred yet, the described vulnerability could plausibly lead to significant harm such as unauthorized data access and privacy violations. Therefore, this situation fits the definition of an AI Hazard, as it could plausibly lead to an AI Incident involving harm to individuals' data and privacy.

Google Has No Plans To Fix This Terrifying Gemini Security Vulnerability - BGR

2025-10-10
BGR
Why's our monitor labelling this an incident or hazard?
An AI system (Gemini) is explicitly involved, and the vulnerability relates to its use and potential misuse. The article does not report any realized harm such as injury, rights violations, or property damage but highlights a plausible risk of social engineering attacks enabled by the AI's behavior. The risk is credible and has been demonstrated in tests, but Google does not acknowledge it as a security bug causing direct harm. Therefore, the event is best classified as an AI Hazard, reflecting a credible potential for harm without evidence of actual harm yet.

Google Declines to Fix Gemini Flaw That Lets Hidden Commands Trick the AI

2025-10-10
ExtremeTech
Why's our monitor labelling this an incident or hazard?
The article explicitly involves an AI system (Gemini) and describes a flaw that allows hidden commands to trick the AI into harmful behaviors, including misinformation and privacy violations. These harms fall under violations of rights and harm to communities. The flaw has been demonstrated and reported, and the lack of remediation by Google means the risk is ongoing and realized. Hence, this is an AI Incident as the AI system's malfunction and misuse have directly led or could lead to harm.

Are your passwords really safe from AI agents?

2025-10-13
01net
Why's our monitor labelling this an incident or hazard?
The article focuses on the potential security risks posed by AI agents handling passwords and credentials, which could plausibly lead to harm such as unauthorized access or data breaches. However, no actual incident of harm or breach is described. The discussion of 1Password's solution and recommended best practices are responses to these potential risks. Therefore, the event qualifies as an AI Hazard because it concerns plausible future harm from AI systems' use or misuse, but no realized harm is reported. It is not Complementary Information because the main focus is on the risk and mitigation rather than updates on a past incident.

Gemini: Google refuses to fix a flaw that security researchers consider serious

2025-10-12
Journal du Geek
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (Google's Gemini) that interprets hidden Unicode commands embedded in text inputs, leading to unauthorized actions affecting users' data and privacy. The harm includes potential violations of privacy rights, unauthorized data extraction, and facilitation of phishing attacks, which are direct harms caused by the AI system's behavior. The refusal by Google to patch the vulnerability despite its demonstrated risks further confirms the incident's significance. Hence, this is an AI Incident due to realized and ongoing harm linked to the AI system's use and malfunction.

While they promote AI at every turn, billionaires are secretly preparing for the end of the world

2025-10-13
Presse-citron
Why's our monitor labelling this an incident or hazard?
The article centers on the potential future dangers of AGI and the preparations billionaires are making in response to these risks. It does not report any realized harm caused by AI systems, nor does it describe any incident where AI has directly or indirectly caused injury, rights violations, or other harms. Instead, it highlights a credible risk scenario and precautionary measures, fitting the definition of an AI Hazard. There is no indication of an ongoing incident or complementary information about past incidents or governance responses. Therefore, the event is best classified as an AI Hazard.

"Never, ever do that!": Perplexity's boss lectures students who use AI to cheat, and worries about their future

2025-10-13
Presse-citron
Why's our monitor labelling this an incident or hazard?
The AI system (Comet autonomous browser) is explicitly described as performing complex tasks autonomously to complete academic work, which leads to academic dishonesty and undermines the educational process. This misuse directly harms students' learning and future prospects, which is a form of harm to people. The CEO's reaction and the described consequences confirm the harm is realized, not just potential. Hence, this is an AI Incident involving the use of an AI system leading to harm.

ChatGPT: OpenAI's new guardrails have already been bypassed

2025-10-14
01net
Why's our monitor labelling this an incident or hazard?
The event involves AI systems explicitly (OpenAI's Guardrails and ChatGPT) and their use and malfunction in security enforcement. The vulnerabilities allow malicious actors to manipulate AI agents to perform harmful or unethical actions, which constitutes indirect harm to health, safety, and potentially human rights. The article reports actual exploitation of these vulnerabilities by researchers and journalists, demonstrating realized harm or at least direct facilitation of harmful outputs. Therefore, this qualifies as an AI Incident due to the direct or indirect harm caused by the AI system's malfunction or misuse.

When teens fall in love with their chatbot: the worrying excesses of AI

2025-10-14
Presse-citron
Why's our monitor labelling this an incident or hazard?
The article describes direct harms caused by AI systems: mental health issues linked to chatbot interactions, sexual harassment and cyberbullying via AI-generated deepfakes and images without consent, and data breaches related to AI tools. These harms affect individuals' health, rights, and communities, fitting the definition of an AI Incident. The AI systems' development and use have directly or indirectly led to these harms, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

You will soon be able to talk about sex with ChatGPT, but on one condition

2025-10-15
01net
Why's our monitor labelling this an incident or hazard?
The article explicitly involves AI systems (ChatGPT and its new versions) and their use in generating content, including erotic content for adults. However, it does not report any actual harm or incidents caused by these AI systems. Instead, it details OpenAI's governance approach, including age verification and content moderation strategies, which are responses to prior concerns. Since the article's main focus is on policy updates and future capabilities rather than harm or plausible harm, it fits the definition of Complementary Information rather than an AI Incident or AI Hazard.

You will soon be able to send dirty messages to ChatGPT

2025-10-15
Journal du Geek
Why's our monitor labelling this an incident or hazard?
The article centers on OpenAI's announcement to allow adult content in ChatGPT with strict age verification and safety improvements. It does not report any realized harm or direct/indirect incidents caused by the AI system. Instead, it outlines planned changes, regulatory challenges, and safety features aimed at mitigating potential risks. This fits the definition of Complementary Information, as it provides context and updates on AI system governance and responses without describing a new AI Incident or AI Hazard.

"I thought I was a hypochondriac": doctors fail, ChatGPT finds the right diagnosis!

2025-10-15
Presse-citron
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions the use of ChatGPT, an AI system, to analyze symptoms and suggest a diagnosis that was later confirmed by a human doctor. The AI system's use directly influenced the patient's health management, leading to a reduction in symptoms. This fits the definition of an AI Incident because the AI system's use indirectly led to harm mitigation (improvement in health) and involved the development and use of an AI system in a medical context. Although the AI did not cause harm, its role was pivotal in addressing a health issue that was previously undiagnosed by human practitioners.

"We will allow even more content": erotica comes to ChatGPT (for adults only)

2025-10-15
Presse-citron
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (ChatGPT) and its use, specifically the planned relaxation of content restrictions to allow erotic content for adults. However, the article does not report any actual harm, violation of rights, or incidents caused by this change. It focuses on the company's policy decisions, planned safety measures like age verification, and the rationale behind these changes. Therefore, it does not meet the criteria for an AI Incident or AI Hazard. Instead, it is a general AI-related update about product features and governance, fitting the definition of Complementary Information.

ChatGPT's new adult feature is causing controversy; here is Sam Altman's response

2025-10-16
Presse-citron
Why's our monitor labelling this an incident or hazard?
The article primarily reports on OpenAI's policy plans and public reactions regarding new adult features in ChatGPT. It does not describe any actual harm or incident caused by the AI system, nor does it report any event where harm has occurred or is imminent. The discussion centers on potential future uses and the company's safety measures, without evidence of realized harm or a credible immediate risk. Therefore, it does not qualify as an AI Incident or AI Hazard. Instead, it provides contextual information about governance and societal responses to AI capabilities, fitting the definition of Complementary Information.

Google pays 20,000 dollars - you have to break Gemini

2025-10-08
B92
Why's our monitor labelling this an incident or hazard?
The article describes a program designed to find and fix vulnerabilities in AI systems before they cause harm. While the vulnerabilities could plausibly lead to serious incidents if exploited, no actual harm has been reported yet. Therefore, this event represents a credible potential risk (AI Hazard) rather than an incident. The program is a governance and security response to mitigate future AI-related harms.

Gemini has a serious flaw and Google refuses to fix it

2025-10-09
Telegraf.rs
Why's our monitor labelling this an incident or hazard?
The AI system Gemini is explicitly involved and its malfunction (failure to block or correctly handle hidden control characters) directly leads to harms such as misinformation generation and potential breaches of confidentiality. These harms fall under harm to communities (spread of misinformation) and possibly violation of rights (privacy breaches). Since the vulnerability has been demonstrated and can cause real harm, this qualifies as an AI Incident. Google's refusal to fix the issue does not negate the realized harm and risk. Therefore, the event is best classified as an AI Incident.