Google

Security researchers identified three critical vulnerabilities in **Google’s Gemini AI assistant**, dubbed the 'Trifecta,' which could have allowed attackers to exploit hidden prompts in web requests, inject malicious commands via Chrome browsing history, and exfiltrate stored user data (including location and saved information) to external servers. The flaws affected **Gemini Cloud Assist, Search Personalization Model, and Browsing Tool**, enabling potential unauthorized control over cloud resources and AI-driven data leaks. While Google patched the issues by blocking dangerous links and reinforcing prompt injection defenses, the vulnerabilities may have been exploited before mitigation, particularly against users who interacted with malicious websites or Gemini-tied cloud services. The incident underscores AI’s emerging role as both an attack vector and a target, with risks escalating as AI integrates deeper into daily-use services. Though the immediate threat is contained, the exposure highlights systemic gaps in AI security, where novel features may outpace safeguards, leaving user data and system integrity at risk.

Source: https://www.malwarebytes.com/blog/news/2025/10/gemini-ai-flaws-could-have-exposed-your-data

Google cybersecurity rating report: https://www.rankiteo.com/company/google

"id": "GOO32101632112225",
"linkid": "google",
"type": "Vulnerability",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of Google services '
                                              'relying on Gemini AI (potential '
                                              'exposure if interacted with '
                                              'malicious sites or Gemini cloud '
                                              'features pre-patch)',
                        'industry': 'AI/Cloud Services',
                        'location': 'Global',
                        'name': 'Google (Gemini AI Services)',
                        'size': 'Large',
                        'type': 'Technology Company'}],
 'attack_vector': ['Hidden Prompts in Web Requests',
                   'Malicious Website Interaction',
                   'AI Command Injection'],
 'customer_advisories': 'Google likely issued internal advisories; public '
                        'guidance focused on safe AI usage.',
 'data_breach': {'data_exfiltration': 'Possible (via malicious servers in '
                                      'Browsing Tool flaw)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (personal and location data)',
                 'type_of_data_compromised': ['Personal Data (Saved '
                                              'Information, Location)',
                                              'Cloud Resource Access '
                                              'Credentials (Potential)']},
 'description': 'Security researchers discovered three vulnerabilities in '
                "Google’s Gemini AI assistant, dubbed the 'Trifecta.' The "
                'flaws were found in three components: **Gemini Cloud Assist** '
                '(tricked by hidden prompts in web requests, risking control '
                'over cloud resources), **Gemini Search Personalization '
                'Model** (injected harmful prompts via malicious websites, '
                'leaking personal data), and **Gemini Browsing Tool** (tricked '
                'into sending user data to malicious servers via web page '
                'summarization). Google patched these by blocking dangerous '
                'links and strengthening defenses against prompt injections. '
                'While the risk to users is now low, the incident highlights '
                'evolving AI security concerns as AI integrates deeper into '
                'daily services.',
 'impact': {'brand_reputation_impact': 'Raised concerns about AI security and '
                                       "trust in Google's AI tools",
            'data_compromised': ['Personal Data (Saved Information, Location)',
                                 'Cloud Resource Access'],
            'identity_theft_risk': 'High (if personal data was leaked before '
                                   'patching)',
            'operational_impact': 'Potential unauthorized control over cloud '
                                  'resources and data leakage',
            'systems_affected': ['Google Gemini AI (Cloud Assist, Search '
                                 'Personalization, Browsing Tool)',
                                 'Chrome Browsing History Integration']},
 'initial_access_broker': {'entry_point': ['Malicious Websites (Prompt '
                                           'Injection)',
                                           'Web Requests with Hidden Commands'],
                           'high_value_targets': ['Cloud Resources',
                                                  'Personal Data (Location, '
                                                  'Saved Information)']},
 'investigation_status': 'Resolved (Vulnerabilities Patched)',
 'lessons_learned': ['AI systems can be weaponized as attack vectors, not just '
                     'targets.',
                     'Prompt injection and hidden commands in web requests '
                     'pose significant risks to AI integrity.',
                     'Proactive patching and user education are critical as AI '
                     'integrates into daily services.',
                     'Security must be prioritized in AI feature development '
                     'to prevent exploitation.'],
 'post_incident_analysis': {'corrective_actions': ['Blocked rendering of '
                                                   'dangerous links in Gemini.',
                                                   'Enhanced defenses against '
                                                   'prompt injection attacks.',
                                                   'Public awareness campaigns '
                                                   'on AI security risks.'],
                            'root_causes': ['Insufficient input validation in '
                                            'Gemini AI components (allowing '
                                            'prompt injection).',
                                            'Lack of safeguards against hidden '
                                            'commands in web requests/browsing '
                                            'history.',
                                            'Over-reliance on user trust in AI '
                                            'interactions without robust abuse '
                                            'detection.']},
 'recommendations': ['Avoid visiting suspicious websites, especially those '
                     'prompting AI assistant interactions.',
                     'Keep software, browsers, and apps updated to apply '
                     'security patches.',
                     'Limit sensitive information shared with AI tools.',
                     'Use real-time anti-malware with web protection.',
                     'Monitor AI tool behaviors for unusual activity (e.g., '
                     'unexpected data requests).'],
 'references': [{'source': 'Malwarebytes (Security Researchers)'}],
 'response': {'communication_strategy': 'Public disclosure via security '
                                        'researchers; user advisories on safe '
                                        'AI usage',
              'containment_measures': ['Blocked Gemini from rendering '
                                       'dangerous links',
                                       'Strengthened defenses against prompt '
                                       'injections'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Patching vulnerabilities in Gemini '
                                       'Cloud Assist, Search Personalization '
                                       'Model, and Browsing Tool']},
 'stakeholder_advisories': 'Users advised to update systems and exercise '
                           'caution with AI interactions.',
 'title': "Gemini AI 'Trifecta' Vulnerabilities Discovered and Patched",
 'type': ['Vulnerability Exploitation', 'Prompt Injection', 'Data Leakage'],
 'vulnerability_exploited': ['Gemini Cloud Assist (Log Summarization Flaw)',
                             'Gemini Search Personalization Model (Prompt '
                             'Injection via Browsing History)',
                             'Gemini Browsing Tool (Web Page Summarization '
                             'Data Exfiltration)']}