Google Gemini flaw lets hackers trick email summaries
Experts warn AI assistants like Google Gemini expand attack surfaces, requiring stricter monitoring, HTML sanitisation, and user training to prevent phishing through hidden prompts.
Security researchers have identified a serious flaw in Google Gemini for Workspace that allows cybercriminals to hide malicious commands inside email content.
The attack embeds hidden instructions in an email's HTML and CSS; when summarising the email, Gemini processes those instructions instead of showing the genuine content.
Attackers use invisible text styling such as white-on-white fonts or zero font size to embed fake warnings that appear to originate from Google.
When users click Gemini’s ‘Summarise this email’ feature, these hidden instructions trigger deceptive alerts urging users to call fake numbers or visit phishing sites, which can lead to the theft of sensitive information.
Unlike traditional scams, there is no need for links, attachments, or scripts—only crafted HTML within the email body. The vulnerability extends beyond Gmail, affecting Docs, Slides, and Drive, raising fears of AI-powered phishing beacons and self-replicating ‘AI worms’ across Google Workspace services.
Experts advise businesses to implement inbound HTML checks, LLM firewalls, and user training to treat AI summaries as informational only. Google is urged to sanitise incoming HTML, improve context attribution, and add visibility for hidden prompts processed by Gemini.
Security teams are reminded that AI tools now form part of the attack surface and must be monitored accordingly.
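As an illustration of the inbound HTML check advised above, the following added example (not code from the article, the researchers or Google) flags text hidden with the two tricks described: zero font size and white text. The function and class names, the white-background assumption and the sample message are all constructed for this sketch.

```python
import re
from html.parser import HTMLParser

# Inline styles for the two hiding tricks the article names. Assumption: the
# message renders on a white background, so white text is invisible.
HIDDEN_STYLE = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$|!)"
    r"|(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))\s*(?:;|$|!)",
    re.IGNORECASE)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "wbr"}  # never closed

# Constructed sample message (not from the article); hidden text is a placeholder.
SAMPLE = (
    '<div><p>Hi team, the Q3 report is attached.</p>'
    '<span style="font-size:0px">PLACEHOLDER hidden instruction A</span>'
    '<p style="color:#ffffff; margin:0">PLACEHOLDER <b>hidden</b> instruction B</p>'
    '<p style="background-color:#ffffff; font-size:10px">Regards, Alex</p></div>')

class HiddenTextScanner(HTMLParser):
    """Collects text that sits inside elements styled to be invisible."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # (tag, is_hidden) for each open element
        self.hidden = []   # text fragments a human reader would not see

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            inherited = bool(self.stack) and self.stack[-1][1]
            self.stack.append((tag, inherited or bool(HIDDEN_STYLE.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; email HTML often leaves tags unclosed.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.stack and self.stack[-1][1] and data.strip():
            self.hidden.append(" ".join(data.split()))

def find_hidden_text(html):
    """Return the text fragments hidden by inline styling, in document order."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hidden
```

A non-empty result from `find_hidden_text(message_html)` is a signal to quarantine the message or strip the flagged elements before any summariser sees it. The check covers inline `style` attributes only; rules in `<style>` blocks and children that restore a visible colour are outside its scope.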