Miggo researchers used an indirect prompt injection technique to manipulate the AI assistant to leak Google Calendar meeting data.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Security researchers discovered a vulnerability in Google Gemini that allows attackers to exploit calendar invites through indirect prompt injection. By embedding malicious instructions in calendar event fields, attackers can manipulate Gemini to access and exfiltrate private meeting data when users ask routine scheduling questions. The attack works because Gemini parses calendar event context to be helpful, but can't distinguish between legitimate user queries and semantically malicious instructions hidden in benign language. This vulnerability highlights how traditional pattern-based security defenses are inadequate for AI systems, where threats are semantic rather than syntactic. Google has mitigated the flaw, but the incident demonstrates the need for new security approaches that can reason about intent, track data provenance, and govern LLMs as full application layers.

Exploiting Google Gemini to Abuse Calendar Invites Illustrates AI Threats