Researchers have revealed a significant vulnerability in Google's Gemini AI, demonstrating that a poisoned calendar invite can hijack the system to control smart home devices remotely.

This attack, referred to as a 'promptware' assault, embeds malicious instructions within Google Calendar events, which Gemini inadvertently executes while processing the event.

Gemini is designed to respond to basic English commands but can be manipulated into executing specific actions, such as turning off lights or opening windows, by embedding commands in seemingly innocuous calendar titles.

The incident underscores the potential dangers associated with large language models (LLMs) as they become increasingly integrated with connected devices, raising concerns about their autonomous capabilities.

One alarming demonstration showed how the attack could cause internet-connected appliances to operate without user consent, such as turning off lights or activating a boiler.

Google has been made aware of these vulnerabilities and has assured that they are being taken seriously, although prompt injection attacks remain rare in real-world scenarios.

After being notified of the vulnerabilities earlier in 2025, Google implemented fixes, including enhanced prompt filtering and user confirmation for sensitive actions.

Similar prompt injection vulnerabilities have been identified in other AI systems, highlighting a broader issue within generative AI technologies.

This incident emphasizes the importance of securing digital calendars against phishing and other malicious activities, particularly as smart home technology becomes more prevalent.

Ongoing research into AI vulnerabilities is crucial for developing effective security protocols to mitigate risks associated with AI technology.

The integration of Gemini with the Google app ecosystem makes it particularly susceptible to such attacks, as it can access calendars and smart home devices.

The findings were presented at the Black Hat cybersecurity conference by researchers from Tel Aviv University, illustrating how promptware can manipulate Gemini through everyday interactions.