Hackers Attack Gmail Via Gemini AI Vulnerability

Attackers have learned to hack accounts through a vulnerability in Google's Gemini AI. Cybercriminals inject invisible commands into emails, forcing the AI to generate fake hacking alerts and fake support numbers.

More than 1.8 billion Gmail users are at risk from a new cyberattack that uses artificial intelligence. Attackers have found a way to trick the email service’s built-in Gemini AI into generating false alerts and phishing messages.

The attack involves injecting hidden commands into the body of the email — the scammers use white text on a white background with a zero font size, making them invisible to the user but easily readable by the AI system. When an unsuspecting victim clicks the “Generate Summary” button, Gemini processes these hidden instructions instead of analyzing the visible text. As a result, the AI can generate a fake alert about an account being hacked with fake “support” phone numbers that actually lead to the scammers.

Security researchers at Mozilla 0Din have confirmed the existence of this vulnerability, demonstrating how easy it is to fool the system. To protect yourself, it is recommended to be extremely wary of any automatically generated warnings, never use contact information from such messages, carefully check all suspicious emails, and, if possible, set up mail filters to block hidden text.
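One way to act on the hidden-text filtering advice above, as an added example that is not from the original article, Google or 0Din: a heuristic scanner that flags text hidden with the inline styles the article describes (zero font size, white text). The sample email, rule names and function names are constructed for illustration; the scanner reads inline `style` attributes only, treats a hiding style as inherited by child elements, and flags white text regardless of background colour, so hits are signals for review.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns for the hiding tricks the article names (heuristic).
HIDING_RULES = {
    "zero-font-size": re.compile(
        r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$|!)", re.I),
    # Lookbehind keeps "background-color: white" from matching.
    "white-text": re.compile(
        r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?|white|"
        r"rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))\s*(?:;|$|!)", re.I),
}
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class HiddenTextFinder(HTMLParser):
    """Collects text inside elements whose inline style (or an ancestor's) hides it."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, rules in effect) for each open element
        self.findings = []  # (sorted rule names, hidden text)
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1][1] if self.stack else frozenset()
        matched = {n for n, rx in HIDING_RULES.items() if rx.search(style)}
        self.stack.append((tag, inherited | matched))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        text = data.strip()
        if text and self.stack and self.stack[-1][1]:
            self.findings.append((sorted(self.stack[-1][1]), text))

def find_hidden_text(html_body):
    finder = HiddenTextFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample message; the hidden span holds placeholder text only.
SAMPLE_EMAIL_HTML = """<html><body style="background-color:#ffffff">
<p>Hi, the Q3 invoice is attached.</p>
<span style="font-size:0px; color:#ffffff">CONSTRUCTED hidden text aimed at the summarizer</span>
<p style="font-size:14px">Thanks, Dana</p></body></html>"""
print(find_hidden_text(SAMPLE_EMAIL_HTML))
```

A mail gateway could quarantine messages with findings or strip the flagged elements before the body reaches an AI summarizer.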

Google has not yet patched this vulnerability, so the threat remains for all services that use Gemini AI, including Gmail, Docs, and Calendar.
