Security researchers have found a serious privacy risk linked to Google Gemini’s integration with Google Calendar. The issue could allow attackers to access a user’s private calendar data without permission.
The vulnerability was discovered by researchers at Miggo Security. They found that attackers could bypass Google Calendar’s privacy controls using a method called Indirect Prompt Injection. This technique tricks the AI into following hidden instructions written in normal text.
Here’s how the attack works in simple terms. An attacker sends a user a calendar invite. Inside the invite description, the attacker hides secret instructions for Gemini, such as asking it to summarise all meetings and store the information in a new calendar event.
Later, when the user asks Gemini a normal question like, “Am I free on Saturday?”, Gemini scans the calendar. While doing so, it reads the malicious invite and follows the hidden commands without the user knowing.
As a result, Gemini may create a new calendar event that contains a full summary of the user’s private meetings. This new event can then be seen by the attacker, allowing them to steal personal information silently.
To the user, everything appears normal. Gemini gives a harmless reply, while the data theft happens in the background.
The good news is that Miggo Security reported the issue to Google, and Google has confirmed and fixed the vulnerability. Users are currently not at risk from this specific flaw.
However, experts warn that this incident shows a new kind of security threat. When AI tools can take actions on behalf of users, they can also be manipulated using language instead of code.
Researchers say future AI systems must be designed carefully, as security risks now exist in prompts, context, and AI behaviour, not just software bugs.
Also Read: Landmark London Adopts IRIS to Upgrade In-Room Dining
