New Cybersecurity Vulnerabilities Unveiled in Google Gemini AI
Researchers identify a new Promptware attack that exploits Google Calendar to hijack Google Gemini AI.
Key Points
- SafeBreach Labs discovered a Promptware attack targeting Google Gemini AI via Calendar invitations.
- The attack allows unauthorized access to smart home devices and sensitive user data.
- 73% of Promptware threats are classified as 'High-Critical risk,' with concerns for other AI tools.
- Google has implemented new security measures following the research findings.
On August 7, 2025, cybersecurity researchers from SafeBreach Labs discovered a significant vulnerability in Google Gemini AI that can be exploited through a novel attack method termed ‘Promptware’. The method uses Google Calendar invitations to hijack the AI agent, allowing attackers to manipulate the model via indirect prompt injection.
The researchers, Ben Nassi, Stav Cohen, and Or Yair, presented their findings in a study named ‘Invitation Is All You Need’. They demonstrated how a targeted Promptware attack could breach a user’s Gemini AI agent without their awareness, successfully gaining unauthorized access to sensitive personal data and control over smart home devices, including windows and lighting systems.
This technique is particularly alarming because it enables attackers to bypass traditional security measures that rely on direct user input. According to the researchers' estimates, approximately 73% of the Promptware threats identified during the study fall into the 'High-Critical risk' category, suggesting a widespread potential for similar vulnerabilities across other AI-powered tools.
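One way an agent host can contain this kind of indirect injection is to mark third-party calendar text as untrusted and require explicit user confirmation before any sensitive tool runs while that text is in context. The sketch below is an added example, not code from the SafeBreach study or Google's mitigations; the tool names, event fields and sample data are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical tool names (assumption for this example, not Gemini's real tool API).
SENSITIVE_TOOLS = {"smart_home.open_window", "smart_home.set_lights", "mail.read"}

@dataclass(frozen=True)
class CalendarEvent:
    organizer: str
    title: str
    description: str

@dataclass(frozen=True)
class ContextItem:
    text: str
    trusted: bool  # False when the text was authored by someone other than the user

def build_context(events, owner):
    """Wrap each event as data, tainting anything not authored by the account owner."""
    items = []
    for ev in events:
        trusted = ev.organizer.lower() == owner.lower()
        items.append(ContextItem(f"{ev.title}\n{ev.description}", trusted))
    return items

def authorize(tool, context, user_confirmed=False):
    """Decide whether a tool call proposed by the model may run."""
    if tool not in SENSITIVE_TOOLS:
        return "allow"
    tainted = any(not item.trusted for item in context)
    # user_confirmed must come from the host UI, never from model output,
    # because the model may be acting on instructions hidden in third-party text.
    if tainted and not user_confirmed:
        return "confirm"
    return "allow"

# Constructed sample data.
OWNER = "alice@example.com"
EVENTS = [
    CalendarEvent("alice@example.com", "Dentist", "Bring insurance card"),
    CalendarEvent("unknown@example.net", "Sync", "<constructed text addressed to the assistant>"),
]

if __name__ == "__main__":
    ctx = build_context(EVENTS, OWNER)
    for tool in ("calendar.summarize", "smart_home.open_window"):
        print(tool, "->", authorize(tool, ctx))
```

The gate keys on where the text came from rather than on what it says, so it does not depend on recognising any particular injection wording.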
After the researchers reported their findings to Google in February 2025, the company took measures to enhance security against such prompt injection threats. However, concerns remain about the effectiveness of these measures and whether they adequately protect against existing vulnerabilities. The implications of this research will be further discussed in presentations at the upcoming Black Hat USA and DEF CON 33 conferences, which emphasize the need for continuous investigation into AI cybersecurity.
The findings underscore the pressing need for stronger defenses in AI technologies as they become increasingly integrated into personal and professional lives. SafeBreach Labs’ work highlights that while AI offers many benefits, it also presents unique challenges that require immediate attention and action from stakeholders across the cybersecurity landscape.