Google Gemini in Gmail: AI vulnerability forces security reinforcement

  • A 'prompt injection' attack allows hackers to insert hidden instructions into emails for the Gemini Digest in Gmail.
  • The technique uses HTML and CSS to camouflage malicious commands that Gemini processes as legitimate.
  • Experts and Google have confirmed and patched the flaw, although they recommend caution.
  • The method does not require suspicious links or attachments and affects Workspace users and personal accounts.
Alberto Navarro

5 minutes

Gmail Gemini AI Summary

Google's artificial intelligence, known as Gemini, has revolutionized email management in Gmail by offering automatic summaries of long messages, thus simplifying the reading and processing of information. However, this advancement has also opened the door to new cybersecurity threats, as a sophisticated method has been detected that allows attackers to take advantage of their ability to interpret instructions hidden in emails, which has raised alarm among experts and users.

Gemini's summary feature, originally implemented for mobile devices and now extended to the web version of Gmail, appears when message threads are especially long. The tool creates automatic summary cards that make it easy to quickly review the entire conversation. But behind this feature lies a flaw that, until recently, could be exploited by cybercriminals to generate fraudulent messages that appeared to come from Google's own AI.

New Gmail feature in Android-0
Related article:
Gmail improves on Android: you can now mark emails as read from the notification.

The hidden instruction injection technique

Malicious email with Gemini

Cybersecurity researchers have documented how the so-called 'prompt injection' allows attackers to camouflage commands directed at Gemini using HTML and CSSSpecifically, messages are embedded in the body of the email using white text on a white background, or reducing the font size to zero, so that they are completely invisible to the recipient but analyzed by artificial intelligence. This hidden text becomes a command that Gemini executes when generating the summary, modifying its content without the user noticing.

The result is messages apparently generated by the AI itself, such as fake security alerts or requests to call fraudulent support numbers. The danger of this attack lies in the fact that requires no attachments or suspicious links, two of the classic indicators of phishing attempts, which makes it extremely difficult for both users and Gmail filters to detect them.

Related article:
Google's Gemini app is now available for iPhone: here's what you can do with it

Impact, spread and affected devices

Demonstration of the Gmail attack

The vulnerability has mainly affected Google Workspace users (Business and Enterprise versions, as well as accounts with Gemini Education) and also to individuals who use Gmail's smart services. This technique, identified and reported by firms such as Odin and Mozilla, could have had a greater impact, since other Workspace applications such as Docs or Drive They also have functions based on artificial intelligence.

Cybersecurity experts emphasize that the scope of this attack is considerable: all a user needs to do is request a summary of any "normal" email and, if it contains hidden instructions, messages generated by Gemini following the attacker's orders will appear. Observed examples include deceptive warnings about compromised passwords and simulations of security incidents with fake support phone numbers, all designed to steal personal data or credentials.

Lenovo Chromebook Plus 14
Related article:
Lenovo Chromebook Plus 14: We have a new benchmark in AI-powered Chromebooks.

Google's response and actions taken

Google Gemini Solutions and Updates

Following the public announcement of the ruling, Google has acknowledged the problem and implemented security updates to its Gemini model, strengthening defenses against hidden instructions. According to a company spokesperson, “We constantly strengthen our defenses through red-teaming exercises and best practices for our AI models.” Additionally, in version 1.5.4 of Gemini, released in early July 2025, a final patch that blocks the main attack vectorGoogle's Threat Intelligence Group has insisted that the exploit attempts detected were basic and were blocked by its systems.

It is essential that users follow best practices, such as clean the HTML before interpreting messages and not blindly relying on automated summaries, especially when they request urgent or unusual actions. The company also advises implementing filters and controls to detect "anomalous" styles in emails, such as invisible text or suspiciously small fonts.

Gemini Live in Spanish
Related article:
Gemini Live now speaks Spanish: discover how to use Google AI

Safety recommendations and good practices

Gmail Gemini security measures

Experts advise taking several measures to protect against AI-based phishing attempts:

  • Do not rely on security alerts or prompts automatically generated by Gemini., especially if they include phone numbers or password change requests.
  • Select all email text (Ctrl+A) and check for hidden content before requesting a summary.
  • Update passwords regularly and enable two-step verification in Gmail and other Google services.
  • Avoid sharing personal information or credentials by phone or email, even if the request appears to come from Google.
  • Use anti-phishing filters and keep your security software up to date. on all devices.

It's recommended to check any security alerts on Google's official website and be wary of any guidance provided by automated AI-generated summaries.

The incorporation of Gemini into Gmail exemplifies the benefits and risks of adopting artificial intelligence in everyday tools. Google's swift intervention has mitigated the impact of this vulnerability, but highlights the constant evolution of cyber attack methods and the importance of monitoring and good practices in the use of technology.


Follow us on Google News