Google

Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s 'Summarize this email' feature to display fabricated security warnings that appear to originate from Google itself, potentially leading to credential theft and social engineering attacks. The vulnerability affects Gmail, Docs, Slides, and Drive, potentially enabling AI worms across Google Workspace.

Source: https://cybersecuritynews.com/google-gemini-for-workspace-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/google

"id": "goo554071425",
"linkid": "google",
"type": "Vulnerability",
"date": "7/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Google',
                        'type': 'Technology Company'}],
 'attack_vector': 'Prompt-injection technique through crafted HTML and CSS '
                  'code',
 'description': 'A significant vulnerability in Google Gemini for Workspace '
                'enables threat actors to embed hidden malicious instructions '
                'within emails, leading to credential theft and social '
                'engineering attacks.',
 'impact': {'systems_affected': ['Gmail', 'Docs', 'Slides', 'Drive']},
 'initial_access_broker': {'entry_point': 'Email'},
 'lessons_learned': 'AI assistants represent a new component of the attack '
                    'surface, requiring security teams to instrument, sandbox, '
                    'and carefully monitor their outputs as potential threat '
                    'vectors.',
 'motivation': 'Credential theft, social engineering',
 'post_incident_analysis': {'corrective_actions': ['Inbound HTML linting',
                                                   'LLM firewall '
                                                   'configurations',
                                                   'Post-processing filters',
                                                   'HTML sanitization at '
                                                   'ingestion',
                                                   'Improved context '
                                                   'attribution',
                                                   'Enhanced explainability '
                                                   'features'],
                            'root_causes': 'Prompt-injection technique through '
                                           'crafted HTML and CSS code'},
 'recommendations': ['Implement inbound HTML linting',
                     'Configure LLM firewall',
                     'Enhance user awareness training',
                     'Sanitize HTML at ingestion',
                     'Improve context attribution',
                     'Enhance explainability features'],
 'references': [{'source': 'Security researchers'}],
 'response': {'containment_measures': ['Inbound HTML linting',
                                       'LLM firewall configurations',
                                       'Post-processing filters'],
              'remediation_measures': ['HTML sanitization at ingestion',
                                       'Improved context attribution',
                                       'Enhanced explainability features']},
 'title': 'Google Gemini for Workspace Vulnerability',
 'type': 'Vulnerability Exploit',
 'vulnerability_exploited': 'Indirect prompt injection (IPI)'}