Indirect Malicious Prompt Technique Targets Google Gemini Enterprise

Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed GeminiJack, cybercriminals can use this vulnerability to embed a malicious prompt in, for example, a Google Doc..

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2025/12/indirect-malicious-prompt-technique-targets-google-gemini-enterprise/