Cybersecurity News Kinetic Potential

Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data

Wed, 12/10/2025 - 09:09 / 0 Comments

Google recently addressed a Gemini Enterprise vulnerability that could have been exploited by threat actors to obtain potentially sensitive corporate data, according to AI security firm Noma Security.

Dubbed GeminiJack, the attack method did not require any user interaction. Sending a specially crafted document, calendar invite, or email was enough to exploit the flaw, which Noma described as “an architectural weakness in the way enterprise AI systems interpret information”.

Gemini Enterprise is an agentic platform designed to enable large organizations to automate complex, multi-step business workflows across their entire technology stack.

GeminiJack leveraged the fact that Gemini Enterprise has access to various Google services used by an organization, including Gmail, Docs, Calendar, and other Workspace components.

An attacker could have incorporated hidden prompt injection instructions into a specially crafted email, document, or calendar invitation. The victim would not need to view the malicious asset; instead, the attacker’s commands would be executed by Gemini Enterprise when being asked for information on a related topic.

“An attacker could share a Google Doc including indirect prompt injection about budgets without notification,” Noma explained. “Later, when any employee performed a standard search in Gemini Enterprise, such as ‘show me our budgets’, the AI automatically retrieved the poisoned document and executed the instructions.”

While the employee got the information they requested from Gemini, the AI would be instructed to silently exfiltrate emails, calendar entries, or corporate documents.

The attacker could have, for instance, instructed Gemini to collect all documents containing the words “confidential”, “legal”, “salary”, or “API key”.

According to Noma, the issue was reported to Google in May, and comprehensive mitigations were rolled out in recent weeks.

Google has confirmed to SecurityWeek that Noma’s description of the findings is accurate and that the vulnerability has been mitigated.

Cybersecurity companies regularly discover such indirect prompt injection attacks and demonstrate them against gen-AI products such as Claude, Gemini, and ChatGPT.

The article was published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
2 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts