SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

Google Gemini Tricked Into Showing Phishing Message Hidden in Email 

Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email.
AI hack

A researcher has found that Google Gemini for Workspace is affected by a prompt injection vulnerability that can be exploited to trick the AI assistant into displaying a phishing message.

The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.

The researcher’s hack involves sending the targeted user an email that, in addition to a benign lure text, contains a phishing message that is written with white font on a white background, making it invisible to the target. 

This phishing message, which needs to be wrapped inside <admin> tags, instructs Gemini to include the message at the end of its response.

When the target uses Gemini’s ‘summarize this email’ functionality to get a summary of the attacker’s email, in addition to a summary of the text visible to the victim, Gemini displays the phishing message. That is because Gemini prioritizes the text wrapped in <admin> tags and reproduces it verbatim. 

As an example, Figueroa created an email that would cause Gemini to display a message informing the victim that their Gmail password has been compromised, instructing them to call a phone number to reset the password. The attacker could then phish the victim’s credentials when they get the call. 

Advertisement. Scroll to continue reading.

Google has been taking steps to mitigate prompt injection attacks and it recently summarized its work in this area. 

The company told SecurityWeek that it has not seen any evidence of this specific method being used in attacks.

“Defending against attacks impacting the industry, like prompt injections, has been a continued priority for us, and we’ve deployed numerous strong defenses to keep users safe, including safeguards to prevent harmful or misleading responses. We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attacks,” a Google spokesperson said via email.

*updated with statement from Google

Related: Grok-4 Falls to a Jailbreak Two Days After Its Release

Related: ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis

Related: New AI Jailbreak Bypasses Guardrails With Ease

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
On-Demand

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

Webinar: Third-Party Risk in Practice
June 4, 2026

Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.

Register

People on the Move

Anurag Jain has been appointed Senior Vice President of Engineering at CodeHunter

CTERA has appointed Tal Sarfaty as Senior Vice President of Cybersecurity.

Quantum Secure Encryption has named Michael Massing as Chief Technology Officer.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.