- Hackers target Gmail with hidden AI commands
- Attacks can expose business and personal data
- Google urges caution as AI adoption rises
New cyber threat for Gmail users
Google has issued a warning about a growing cybersecurity risk affecting its 1.8 billion Gmail users. The company highlighted a technique known as indirect prompt injection, where malicious commands are hidden inside everyday content such as emails, documents, or calendar invites.
Unlike traditional phishing attempts that rely on suspicious links, these attacks exploit generative AI tools. When an AI system processes the hidden instructions, it may be tricked into leaking sensitive information or performing harmful actions.
Impact on businesses and governments
The risk extends beyond personal users. Google noted that businesses and public sector organisations are also vulnerable as they adopt AI tools in their daily operations. The company emphasised that attackers are adapting quickly to generative AI, creating new risks that require immediate attention.
For businesses, the danger lies in employees unknowingly interacting with these hidden commands. A simple email could trigger unintended AI responses, leading to exposure of login details or confidential data without the user realising.
Gemini targeted in attacks
Reports suggest hackers have already attempted to exploit Google’s AI assistant, Gemini. Security expert Scott Polderman explained that attackers send emails containing hidden instructions that can cause Gemini to reveal stored passwords. Unlike conventional scams, there is no suspicious link to click. Instead, the attack works when the AI itself is manipulated into showing a warning message.
Google stressed that Gemini will never request login credentials or send fraud alerts. Any such prompt should be treated as suspicious.
Why this matters for IT leaders
The emergence of indirect prompt injections highlights how cyber threats are evolving alongside AI adoption.
For IT teams and decision-makers, this means traditional awareness campaigns about phishing emails are no longer enough. New training and safeguards are required to help employees recognise AI-specific risks.
Organisations should review their current cybersecurity policies, especially those involving AI tools and assistants. Monitoring how staff interact with AI platforms and reinforcing clear reporting procedures can help reduce exposure to these new attacks.
Looking ahead
Google’s warning reflects a broader challenge facing enterprises: as AI becomes a core part of productivity tools, it also creates new attack surfaces. Indirect prompt injections are still emerging, but their potential impact on businesses and government systems makes them a priority risk area.
