Credit: Rita El Khoury / Android Authority
TL;DR
- Researchers found a way to hide malicious instructions within a normal Google Calendar invite that Gemini can unknowingly execute.
- When users asked Gemini about their schedule, it could be tricked into summarizing their private meetings and leaking that data into a new event.
- Google was duly notified and has added new protections, but the issue highlights how AI features can be abused through natural language.
Google recently made Gemini a lot more useful by letting it work across multiple Calendars, not just your primary one. You can now ask about events or create new meetings across secondary calendars using natural language. But just as that update rolled out, security researchers shared a worrying new finding about how Gemini can be exploited to access someone’s private and confidential Calendar information.