// Alert

Gemini threat report

SafeBreach Labs researchers disclosed a novel indirect prompt injection (IPI) vulnerability in Google Gemini's voice assistant that allows attackers to silently hijack the AI through malicious payloads in WhatsApp, Slack, SMS, Signal, Instagram, and Messenger notifications. The attack exploits Gemini's notification processing to embed malicious instructions and bypass user awareness, enabling unauthorized actions including smart home control, social engineering, and persistent memory poisoning. Researchers developed a bypass technique called Fake Context Alignment to circumvent Google's mitigations. Google confirmed on November 14, 2025, that content classifier updates mitigated the vulnerability.

// Get alerts for Gemini