Unplug Gemini from email and calendars, says cybersecurity firm

CSO that he “fundamentally disagrees.”

“Social engineering is a big problem,” he said. “When you take away the risk of social engineering, it does make users safe.”

The solution, he added, is for an AI agent to filter inputs.

Google was asked for comment on the FireTail report. No reply had been received by our deadline, nor was there a response from xAI, which is behind Grok. However, after this story was published, a Google spokesperson told CSO the company has published guidance on how to mitigate prompt injection attacks.

“ASCII Smuggling attacks against AIs aren’t new,” commented Joseph Steinberg, a US-based cybersecurity and AI expert. “I saw one demonstrated over a year ago.”

He didn’t specify where, but in August 2024, a security researcher blogged about an ASCII smuggling vulnerability in Copilot. The finding was reported to Microsoft.

Many ways of disguising malicious prompts will be discovered over time, he added, so it’s important that IT and security leaders ensure that AIs don’t have the power to act without human approval on prompts that could be damaging.

It may be wise, he added, to convert all prompt requests to standard ASCII characters that are visible and expected before they reach the AI engine.

Last month CSO reported that attackers are increasingly exploiting generative AI by embedding malicious prompts in macros and exposing hidden data through parsers. Other such flaws include the discovery by Aim Security researchers of EchoLeak (CVE-2025-32711), a zero-click prompt injection vulnerability in Microsoft 365 Copilot that has since been patched.

In July, Pangea reported that large language models (LLMs) could be fooled by prompt injection attacks that embed malicious instructions into a query’s legal disclaimer, terms of service, or privacy policies.

At the time, Kellman Meghu, principal security architect at Canadian incident response firm DeepCove Cybersecurity, said, “How silly we are as an industry, pretending this thing [AI] is ready for prime time … We just keep throwing AI at the wall hoping something sticks.”

FireTail’s Snider believes that eventually Google will plug the hole it discovered in Gemini, in response to the “unwanted attention” from reporting by several IT news sites.

Updated with Google’s response linking to its mitigation advice.
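
As an added illustration of Steinberg's suggestion above to reduce prompts to visible, expected ASCII and to require human approval (this is not code from CSO, FireTail or Google), the following Python example filters text such as an email body or calendar entry before it reaches a model. It assumes prompts are expected to be printable ASCII and that the hidden text is carried in the invisible Unicode Tags block (U+E0000 to U+E007F), the usual carrier for ASCII smuggling; the names `sanitize_prompt` and `gate` are hypothetical and the sample input is constructed.

```python
import unicodedata

TAG_FIRST, TAG_LAST = 0xE0000, 0xE007F   # Unicode "Tags" block, renders as nothing

def sanitize_prompt(text):
    """Return (visible_text, hidden_text, flagged).

    visible_text: printable ASCII that is safe to forward to the model
    hidden_text:  ASCII decoded from invisible Tag characters, kept for logging
    flagged:      True if any invisible character was present in the input
    """
    visible, hidden, invisible_count = [], [], 0
    # NFKC folds look-alike forms (full-width letters, ligatures) to plain ones.
    for ch in unicodedata.normalize("NFKC", text):
        cp = ord(ch)
        if TAG_FIRST <= cp <= TAG_LAST:
            invisible_count += 1
            ascii_cp = cp - TAG_FIRST          # Tag chars mirror ASCII at an offset
            if 0x20 <= ascii_cp <= 0x7E:
                hidden.append(chr(ascii_cp))
        elif ch in "\n\r\t" or 0x20 <= cp <= 0x7E:
            visible.append(ch)                 # expected, visible ASCII
        elif unicodedata.category(ch).startswith("C"):
            invisible_count += 1               # zero-width, bidi, control, private use
        else:
            visible.append("?")                # visible but outside the ASCII policy
    return "".join(visible), "".join(hidden), invisible_count > 0

def gate(text):
    """Forward clean input; hold anything that carried invisible content."""
    visible, hidden, flagged = sanitize_prompt(text)
    action = "hold_for_review" if flagged else "forward"
    return {"action": action, "visible": visible, "hidden": hidden}

# Constructed sample: a calendar title followed by three Tag characters
# (decoding to "hi!") and a zero-width space. None of the trailing part renders.
SAMPLE = "Team sync 10:00\U000E0068\U000E0069\U000E0021\u200b"

if __name__ == "__main__":
    print(gate(SAMPLE))
    print(gate("Lunch at noon"))
```

Logging the decoded hidden text alongside the hold decision gives the reviewer what the user never saw on screen.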

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4069806/unplug-gemini-from-email-and-calendars-says-cybersecurity-firm.html
