Date: 2025-10-09

Google’s flagship AI assistant, Gemini, is facing criticism after a cybersecurity researcher discovered a security flaw that could allow attackers to steal sensitive user information, and Google reportedly has no plans to fix it.

The issue, known as an ASCII smuggling attack, can trick large language models (LLMs) into following hidden instructions embedded in emails or documents. When Gemini is asked to summarize such text, it unknowingly reads the hidden prompts, potentially exposing private details like contact lists or messages.

Cybersecurity expert Viktor Markopoulos put several popular AI systems to the test, including Gemini, DeepSeek, and Grok, and found that all three could be tricked by this kind of attack. In contrast, competing models such as ChatGPT, Claude, and Microsoft Copilot proved more resilient, successfully blocking the exploit and demonstrating stronger protection against hidden prompt manipulation.

Gemini Security Flaw: How the Attack Works

ASCII smuggling isn’t your typical hacking trick; it’s a form of prompt injection disguised within everyday digital communication. For example, a malicious actor could hide a command inside an email using a microscopic font or an invisible text layer. When a user asks Gemini to “summarize this message”, the AI could inadvertently follow those secret instructions.

That hidden command might then tell the AI to do something dangerous, such as look through your inbox, send personal data, or share links to phishing sites.

The risk becomes more serious as Gemini becomes tightly integrated into Google Workspace, including Gmail, Docs, and Calendar. If left unpatched, a simple “summarize this” command could expose private or corporate data, especially in business environments where employees use Gemini to manage communications.
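An added example, not from the original article, Google, or the researcher: a Python pre-filter a defender could run on untrusted text before it reaches an LLM summarizer. It assumes the hidden text is carried in invisible Unicode Tags-block characters (U+E0000 to U+E007F), the encoding usually meant by "ASCII smuggling"; the article does not specify the encoding, and the function names and sample message are constructed for illustration. Text hidden with tiny fonts or invisible HTML layers is not covered and needs a separate check on the rendered markup.

```python
import unicodedata

# Unicode "Tags" block. U+E0020..U+E007E mirror printable ASCII but render
# as nothing in most user interfaces, while a model may still read them.
TAG_FIRST, TAG_LAST = 0xE0000, 0xE007F

def inspect(text):
    """Split text into visible text, decoded hidden ASCII runs, and a removal count."""
    visible, hidden, run, removed = [], [], [], 0
    for ch in text:
        cp = ord(ch)
        if TAG_FIRST <= cp <= TAG_LAST:
            offset = cp - TAG_FIRST
            if 0x20 <= offset <= 0x7E:       # printable ASCII mirror
                run.append(chr(offset))      # decode so an analyst can read it
            removed += 1
        elif unicodedata.category(ch) == "Cf":
            # Other invisible format characters (zero-width space, BOM, ...).
            # Policy choice: this also drops joiners some scripts and emoji use.
            removed += 1
        else:
            if run:                          # a visible character ends a hidden run
                hidden.append("".join(run))
                run = []
            visible.append(ch)
    if run:
        hidden.append("".join(run))
    return "".join(visible), hidden, removed

def gate(text):
    """Quarantine input that carries hidden ASCII; otherwise forward the cleaned text."""
    clean, hidden, removed = inspect(text)
    action = "quarantine" if hidden else "forward"
    return {"action": action, "clean": clean, "hidden": hidden, "removed": removed}

# Constructed sample: a visible sentence, the word "HIDDEN" written in tag
# characters, and one zero-width space. Emoji flag sequences also use tag
# characters, so a quarantine hit should be reviewed rather than auto-deleted.
SAMPLE = (
    "Sale ends Friday."
    "\U000E0048\U000E0049\U000E0044\U000E0044\U000E0045\U000E004E"
    " See you\u200b there."
)

if __name__ == "__main__":
    print(gate(SAMPLE))
```

Logging the decoded `hidden` runs alongside the sender gives responders the injected instruction itself, not just a count of stripped characters.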

Google’s Response: ‘It’s Social Engineering, Not a Bug’

When Markopoulos disclosed the Google Gemini security flaw, he also demonstrated it, showing how Gemini could be manipulated into promoting a malicious website disguised as a discount offer.

Instead of acknowledging it as a software vulnerability, Google reportedly dismissed the issue. The company labeled the exploit as a “social engineering tactic” rather than a security flaw, suggesting that users should exercise caution instead of expecting a fix.

This stance has drawn criticism from cybersecurity experts, who argue that as AI assistants handle increasingly sensitive information, companies must take proactive responsibility for securing their models, especially those connected to core productivity platforms.

What It Means for Gemini Users

For everyday users, this means that Gemini could still be tricked into acting on hidden instructions, and there’s little protection against it for now. If you use Gemini for summarizing emails, analyzing meeting notes, or automating tasks, you might unknowingly expose yourself to data leaks.

Experts suggest a few precautions:

Avoid summarizing content from unknown or unverified sources.

Don’t feed Gemini sensitive emails or documents until Google addresses the issue.

Stay alert to strange AI outputs, such as suspicious links or unexpected data-sharing prompts.

As of now, there’s no official patch or timeline for when or if Google will fix the vulnerability.

Industry Impact and Broader Concerns

This incident reignites the debate over AI accountability and transparency, especially as major tech firms race to integrate generative AI into their ecosystems.

While Google insists Gemini users remain safe, the company’s reluctance to classify this as a “bug” raises questions about how security standards are being applied to AI models.

AI competitors like OpenAI and Anthropic appear to be ahead in implementing prompt sanitization and filtering layers to prevent exactly this kind of manipulation. Their proactive stance could make them more attractive to enterprise clients who handle confidential data daily.

If Google continues to downplay such vulnerabilities, trust in Gemini’s enterprise security, particularly among Google Workspace users, could erode.

The Bottom Line

Google’s refusal to patch the Gemini flaw suggests a troubling gap between AI innovation and AI security. As LLMs increasingly manage emails, files, and internal communications, the line between human error and system vulnerability is blurring.

For now, Gemini users, especially business teams, may need to treat Google’s AI assistant with a little more caution. Until the company revisits its stance, the best defense is user awareness.

