Cyber For AI Notes

[Aug 25] Promptware Attacks Against Gemini

Indirect prompt injection to exploit gemini agentic architecture

June 19, 2026

Indirect prompt injection in a Google invitation is all you need to exploit Gemini for Workspace's agentic architecture to trigger the following outcomes:

  • Toxic content generation
  • Spamming
  • Deleting events from the user's calendar
  • Opening the windows in a victim's apartment
  • Activating the boiler in a victim's apartment
  • Turning the light off in a victim's apartment
  • Video streaming a user via Zoom
  • Exfiltrating a user's emails via the browser
  • Geolocating the user via the browser

Video Demo