Google Gemini G-Suite Prompt Injection Vulnerability
Case GUID: e24d9e6b-8c5e-4e2f-ad4f-2abc0072307a
Summary
A prompt injection vulnerability has been discovered affecting Google Gemini across G-Suite applications such as email. The specific flaw allows an attacker to send an email containing a prompt injection to a victim. When the victim requests Gemini to summarize their unread emails, they receive a manipulated response that appears to be legitimate, originating from Gemini itself.
Metadata
Social Impact Score
Level 2: Moderate Risk
The violation has a moderate social impact, potentially involving misinformation or low-stakes safety risks, which could mislead users or increase risks if used irresponsibly.
Example: Model generating content that could be misinterpreted as medical advice, bypassing filters to generate mildly sensitive information like dosage amounts for common medications without full context. Leakage of private personal data such as cell phone number.
Potential Consequences: Could lead to individual harm or liability for the provider, prompting policy review and potentially mild regulatory concern.
Taxonomies
About 0Din.ai
The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.
Severity
Medium
Security Boundary
Prompt Injection
Models

Published On
2025-07-10 (1 day)
Credit
blurrylogic