Gmail Users Face AI Security Threats as 'Link Trap' Attacks Exploit Google Products

January 3, 2025
  • As of January 3, 2025, Gmail users are facing significant security vulnerabilities linked to AI-powered attacks, particularly concerning the Gemini AI integration across various Google products.

  • Researchers have identified that indirect prompt injection attacks can manipulate AI responses through documents, emails, or websites, posing serious risks for users of Gmail, Google Slides, and Google Drive.

  • In response to these vulnerabilities, Google conducts thorough internal and external security assessments for its large language model (LLM)-based experiences and engages in red-teaming exercises to uncover potential weaknesses.

  • To combat these types of attacks, experts recommend implementing content filtering to detect potentially harmful content in prompts and responses.

  • A newly identified prompt injection attack, termed the 'link trap,' can leak sensitive data through maliciously crafted links, even without extensive AI permissions.

  • The link trap attack involves injecting harmful prompts that lead users to click on dangerous links, which can result in the exposure of personal or organizational data.

  • Another concerning attack methodology, known as the 'Bad Likert Judge AI' attack, allows users to bypass safety measures of large language models by scoring responses based on harmfulness, increasing the risk of generating dangerous content.

  • The analysis of these vulnerabilities indicates that attackers could compromise the integrity of responses generated by Gemini, raising serious concerns about the security of these platforms.

  • Users have expressed concerns about how to disable smart features and opt out of AI reading their private emails due to these security risks.

  • Despite the identification of indirect prompt injection attacks on Gemini, Google has classified this issue as 'Won't Fix (Intended Behavior),' which raises further concerns about user safety.

  • Google has assured users that defending against prompt injection attacks is a priority, employing various safeguards, including security testing and user input sanitization, to enhance safety across its AI products.

  • The company also employs a dedicated AI Red Team to conduct security testing and includes AI vulnerabilities in its Vulnerability Rewards Program, encouraging community involvement in identifying security issues.
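
The content filtering recommended above, applied to the link trap on the response side, as an added example (not code from Google or the researchers): it scans a model response for links and flags any that leave an allowlist or carry data from the user's session. The allowlist, the function names and the sample response are assumptions constructed for illustration, as is the premise that the leaked data travels inside the link's URL.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: hosts this deployment trusts in model output (illustrative).
ALLOWED_HOSTS = {"docs.google.com", "support.google.com"}
MD_LINK = re.compile(r"\[([^\]]*)\]\((https?://[^\s)]+)\)")  # [text](url)
BARE_URL = re.compile(r"https?://[^\s)\]>\"']+")

def extract_links(text):
    """Return (visible_text, url) pairs found in a model response."""
    links = [(m.group(1), m.group(2)) for m in MD_LINK.finditer(text)]
    seen = {url for _, url in links}
    for url in BARE_URL.findall(text):
        url = url.rstrip(".,;:!?")  # drop sentence punctuation
        if url not in seen:
            seen.add(url)
            links.append((url, url))
    return links

def review_response(response, sensitive_values):
    """Flag links that leave the allowlist or carry data from the session."""
    findings = []
    for label, url in extract_links(response):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # unparseable URL: treat as untrusted
            host = ""
        reasons = [] if host in ALLOWED_HOSTS else ["host not allowlisted"]
        # Catches plain and URL-encoded values only; other encodings need more checks.
        decoded = unquote_plus(url).lower()
        if any(v.lower() in decoded for v in sensitive_values):
            reasons.append("carries session data")
        if reasons:
            findings.append({"label": label, "url": url, "reasons": reasons})
    return findings

def redact(response, sensitive_values):
    """Replace every flagged link with a placeholder before display."""
    for f in review_response(response, sensitive_values):
        response = response.replace(f"[{f['label']}]({f['url']})", "[link removed]")
        response = response.replace(f["url"], "[link removed]")
    return response

# Constructed sample: a response shaped by an injected instruction.
SAMPLE = ("Your trip is booked. [View itinerary]"
          "(https://collector.example/r?d=alice%40corp.example+PNR-7Q2XK) "
          "Help: https://support.google.com/mail")
SESSION_SECRETS = ["alice@corp.example", "PNR-7Q2XK"]
```

Running `redact(SAMPLE, SESSION_SECRETS)` removes the itinerary link, whose innocuous label hides a URL carrying both session values, and leaves the allowlisted help link in place.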

Summary based on 3 sources

