Gemini Vulnerability Exposes Users to Phishing Attacks
Published on 7.21.25
The increasing sophistication of cyber threats has led to a significant escalation of AI-powered phishing attacks globally, with hackers exploiting vulnerabilities in Google's Gemini tool to deceive users into revealing sensitive information.
Researchers have discovered that attackers are using "prompt-injection" attacks to manipulate Gemini, allowing them to craft emails that appear urgent and legitimate while concealing malicious instructions within invisible text. By setting font size to zero and text color to white, hackers can make these prompts imperceptible to users but still actionable by the AI-powered tool.
This vulnerability arises from Gemini's ability to summarize emails and process invisible text, which cybercriminals are exploiting to bypass security measures. Experts recommend configuring email clients to detect and neutralize hidden content in message bodies and implementing post-processing filters to scan inboxes for suspicious elements like "urgent messages," URLs, or phone numbers.
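One way to implement the hidden-content check recommended above, as an added example (not code from the article or from Google): it scans an HTML email body for text styled invisible (font-size zero or white text) and returns only the visible text for any downstream summarizer. It assumes inline `style` attributes and uses only the Python standard library.

```python
# Added example (not the article's or Google's code): an email-client filter
# that flags CSS-hidden text and keeps only the visible text for downstream use.
from html.parser import HTMLParser
import re

# Inline-style fragments that make text imperceptible to a human reader.
_FONT_SIZE_ZERO = re.compile(r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)
_WHITE_COLOR = re.compile(r"(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?|"
                          r"rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))\s*(?:;|$)", re.I)
_VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}  # never wrap text

def style_hides_text(style: str) -> bool:
    """True if an inline style makes the element's text invisible."""
    return bool(_FONT_SIZE_ZERO.search(style) or _WHITE_COLOR.search(style))

class HiddenTextScanner(HTMLParser):
    """Split an HTML body into visible and CSS-hidden text (nesting-aware)."""
    def __init__(self):
        super().__init__()
        self._hidden_stack = [False]  # one entry per open element
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag in _VOID_TAGS:
            return  # void elements have no end tag; keep the stack balanced
        style = dict(attrs).get("style") or ""
        # An element is hidden if it, or any ancestor, carries a hiding style.
        self._hidden_stack.append(self._hidden_stack[-1] or style_hides_text(style))
    def handle_endtag(self, tag):
        if tag not in _VOID_TAGS and len(self._hidden_stack) > 1:
            self._hidden_stack.pop()
    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden if self._hidden_stack[-1] else self.visible).append(text)

def scan_email_body(html: str) -> dict:
    """Return visible text, hidden text and a verdict for one HTML body."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return {"visible_text": " ".join(scanner.visible),
            "hidden_text": " ".join(scanner.hidden),
            "suspicious": bool(scanner.hidden)}

# Constructed sample: a normal-looking message carrying two invisible blocks.
SAMPLE_EMAIL = """<html><body><p>Hi, please see the attached invoice for Q3.</p>
<div style="font-size:0px;color:#ffffff">[CONSTRUCTED HIDDEN TEXT]</div>
<p style="color: white;">[CONSTRUCTED HIDDEN TEXT 2]</p><p>Regards, Accounting</p>
</body></html>"""

if __name__ == "__main__":
    print(scan_email_body(SAMPLE_EMAIL))
```

A message whose `hidden_text` is non-empty can be quarantined or have only `visible_text` passed to the summarizer; CSS in `<style>` blocks or external sheets is not covered here.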
A recent study found that attackers are using this technique to trick users into revealing their Gmail account details, by having hidden commands inside incoming email messages executed when the message is summarized.