reported on new cybersecurity research that demonstrated a hack of the Google Gemini artificial intelligence assistant. The researchers were able to control connected smart home devices through the use of indirect prompt injections in Google Calendar invites. When a user requested a summary of their calendar and thanked Gemini for the results, the malicious prompt ordered Google’s Home AI agent to take actions such as opening windows or turning lights off, as demonstrated in the video above.
Before attacks were demonstrated this week at the Black Hat cybersecurity conference, the team shared their findings directly with Google in February. Andy Wen, a senior director of security product management with Google Workspace, spoke to Wired about their findings.
“It’s going to be with us for a while, but we’re hopeful that we can get to a point where the everyday user doesn’t really worry about it that much,” he said of prompt injection attacks, adding that instances of those hacks in the real world are “exceedingly rare.” However, the growing complexity of large language models means bad actors could be looking for new ways to exploit them, making the approach difficult to defend against. Wen said Google took the vulnerabilities uncovered by the researchers “extremely seriously” and used the results to speed its work on this type of attack.
