Hidden Prompt-Injection Exploits Gmail’s AI Summaries

by Justin Erickson

A researcher discovered and submitted a new AI exploit through 0DIN – Mozilla’s bug bounty program for generative AI tools. This exploit allows attackers to embed invisible HTML/CSS directives inside an email so Gemini for Workspace parrots a fake “security alert” in the Gmail summary pane. Because no links or attachments are present, the message often slips past traditional filters, and users may trust the AI-generated warning enough to call a fake support number or visit a phishing site. Google says it is “hardening defenses” against prompt injection and has seen no in-the-wild abuse. Security teams are urged to use detections to remove, neutralize, or ignore content that is styled to be hidden in the body text. Just as new innovations such as AI are advancing, so are threat actors new phishing and scamming techniques. Learning how to spot these scams is the #1 way to prevent your accounts from being compromised.