A bug in Google Gemini is allowing criminals to exploit the artificial intelligence itself, using summarized emails to launch phishing attacks. Although Google has reportedly known about the issue since last year, cybersecurity experts say it still hasn’t been fixed.
By slipping invisible text into an email—hidden with HTML tricks like white text or concealed formatting—criminals can plant a message the recipient never sees. The email appears harmless when opened, but Gemini reads everything, including what’s hidden.
If the recipient asks Gemini to summarize the email, the AI agent unwittingly includes the hidden text in its summary. That text might tell Gemini to produce a warning that the user’s Gmail password was compromised.
Since the notification appears to come directly from Gemini itself, the recipient is more likely to trust it—and to follow urgent instructions, like changing a password or calling a supposed support number.
Google’s spam filters tend to flag suspicious links or attachments, so criminals leave those out. That helps these messages slip past defenses and into inboxes, giving the criminals a way to redirect their victims to phishing sites without using obvious red flags.
Challenges for Detection
Detecting these malicious messages is a highly technical challenge. Some filters scan Gemini’s output for urgent messages, URLs, or phone numbers, flagging the content for further review. Other methods can remove, neutralize, or ignore content designed to be hidden within the body text.
As with most phishing attacks, one of the most effective defenses is education. Organizations need to ensure employees are trained to be suspicious of any urgent requests to take action—even if those requests appear to come from their AI client.
Turning AI Against Users
This isn’t the first attempt to leverage AI in phishing attacks. A technique called polymorphic phishing incorporates AI to randomize components of fraudulent emails—such as sender names, subject lines, and even the content. That helps the messages circumvent fraud detection systems trained to identify patterns in blanket emails.
Ironically, Google has long touted the abilities of Gemini to assist in cybersecurity efforts. It plays a pivotal role in the Google Threat Intelligence cybersecurity platform, which is designed to give users a more comprehensive understanding of the threat landscape and smarter insights into attacks.
