// GeminiHIGH
SafeBreach Labs researchers disclosed a novel indirect prompt injection (IPI) vulnerability in Google Gemini's voice assistant that allows attackers to silently hijack the AI through malicious payloads in WhatsApp, Slack, SMS, Signal, Instagram, and Messenger notifications. The attack exploits Gemini's notification processing to embed malicious instructions and bypass user awareness, enabling unauthorized actions including smart home control, social engineering, and persistent memory poisoning. Researchers developed a bypass technique called Fake Context Alignment to circumvent Google's mitigations. Google confirmed on November 14, 2025, that content classifier updates mitigated the vulnerability.
- Exploiting Gemini via Prompt Injection | SafeBreach Original Res(opens in a new tab)
- New Google Gemini Vulnerability Exploited via Prompt Injections (opens in a new tab)
- New Google Gemini Vulnerability Exploited via Prompt Injections (opens in a new tab)
- Google Gemini security flaw lets hackers hijack your Android pho(opens in a new tab)
- Hackers Exploit Google Gemini Flaw Using Malicious Messages from(opens in a new tab)
- Exploiting Gemini via Prompt Injection | SafeBreach Original Res(opens in a new tab)
// Get alerts for Gemini