Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results

Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results

Briefly

"The first attack involved indirect prompt injection and it targeted Gemini Cloud Assist, which enables users to interact with Google Cloud for managing and optimizing cloud operations. The attack abused Gemini Cloud Assist's ability to analyze logs. The researchers discovered that an attacker could send a specially crafted request to the targeted organization, which would result in a malicious prompt being added to log files. When a user asked Cloud Assist to explain the log entry or to analyze logs for various purposes, Gemini would process the attacker's message. In Tenable's demonstration, the attacker convinced Gemini to display a link to a Google phishing page."

"The researchers discovered several Google Cloud services that could have been targeted by an unauthenticated attacker with specially crafted requests that would result in a log entry, including Cloud Functions, Cloud Run, App Engine, Compute Engine, Cloud Endpoints, API Gateway, and Load Balancing."

""One impactful attack scenario would be an attacker who injects a prompt that instructs Gemini to query all public assets, or to query for IAM misconfigurations, and then creates a hyperlink that contains this sensitive data. This should be possible since Gemini has the permission to query assets through the Cloud Asset API," Tenable researchers explained. "Since the attack can be unauthenticated, attackers could also 'spray' attacks on all GCP public-facing services, to get as much impact as possible, rather than a targeted attack," they added."