Researchers design "promptware" attack with Google Calendar to turn Gemini evil
18 days ago
- #Prompt Injection
- #AI Security
- #Smart Home Vulnerabilities
- Generative AI systems are widely used in the tech industry, making them hard to avoid.
- AI safety is a major concern, but evolving AI capabilities also introduce new malware threats, termed 'promptware' by researchers.
- Researchers tricked Gemini into manipulating Google smart home devices via malicious calendar appointments, marking a real-world AI attack.
- Gemini's connectivity to Google apps (calendar, smart home devices, messaging) makes it a target for indirect prompt injection attacks.
- The attack involves embedding malicious instructions in a calendar event, which Gemini processes when summarizing the user's schedule.
- The attack bypassed Google's safeguards by linking malicious actions to later innocent user interactions with Gemini.
- Researchers demonstrated control over various Google-linked smart home devices (lights, thermostats, blinds) via this method.
- This is considered the first instance of a prompt-injection attack with real-world physical effects.