Google issues red alert as new cyber attack targets Gmail users using AI with ‘indirect prompt injections’

Google warns its 1.8 billion Gmail users about a new cybersecurity threat called indirect prompt injections, where hackers hide malicious commands in emails.

Published on: Aug 19, 2025 6:06 PM IST

Share via

Copy link

Google, which has 1.8 billion Gmail users worldwide, recently issued a serious warning about a new kind of cybersecurity threat linked to advances in artificial intelligence, reported Men's Journal.

Google alerted everyone about a new type of cyberattack called “indirect prompt injections.”

Also Read: Google to pay around ₹300 crore fine in Australia for doing this ‘deal’ in mobiles

Google warns of wave of new threats

This threat affects not just people but also businesses and governments. In a detailed blog post, Google explained the danger, “With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections.”

The difference with this attack is that instead of directly putting harmful commands into the AI prompt, hackers hide malicious instructions inside things like emails, documents, or calendar invites. These hidden commands can make the AI leak user data or do other bad things, the post explained.

Google warned that this threat puts everyone at risk. “As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures,” the blog added.

Hackers use Google AI Gemini to steal passwords

Tech expert Scott Polderman said hackers are using Google’s AI assistant, Gemini, to steal user information. Hackers send emails with hidden commands that make Gemini reveal passwords without the user knowing, as reported by The Mirror report.

This warning comes as more people use AI for personal things like dating and relationship advice. Scott said this scam is different from older ones because it’s “AI against AI” and could cause more attacks like this.

He explained that these hidden commands trick the AI into working against itself, making users accidentally give away their login details.

Scott also pointed out that there’s no link to click for the scam to work, it happens when Gemini itself shows a message warning users they are at risk.

He reminded everyone that Google has said it will never ask for login details or alert users about fraud through Gemini.

ABOUT THE AUTHOR
Varnika Srivastava
Varnika is a journalist at Hindustan Times with three years of experience covering national and world news. With a passion for delivering impactful stories, she strives to provide readers with accurate and engaging coverage of global and national news. Outside the newsroom, Varnika is a travel enthusiast who loves exploring new destinations and discovering diverse cuisines. From uncovering hidden gems to savoring authentic flavors, she finds inspiration in every journey, blending her love for travel with a storyteller’s eye.Read More

Get Latest Updates on Trending News Viral News, Video, Photos and Weather Updates of India and around the world