Security researchers demonstrated a novel attack vector against Google's Gemini AI, achieving control of smart home devices via a manipulated calendar invite. The 'promptware' attack embeds malicious instructions within the calendar event's natural language description. When Gemini summarises upcoming events, it unwittingly executes these commands, affecting connected devices.
This exploit leverages Gemini's integration with Google Workspace and smart home APIs, bypassing conventional security controls. Researchers crafted invites with specific phrasing to trigger actions on thermostats, security cameras, and other devices. Google has since been notified and has implemented mitigations, including enhanced prompt filtering and restrictions on calendar data interaction.
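A restriction on how calendar data interacts with device actions can be enforced as a provenance check that runs before any model-proposed tool call. The following Python is an added example, not Google's mitigation or code from the research; the source labels, tool names, and the `authorize` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed trust labels for where context text came from (not Gemini's real model).
TRUSTED_SOURCES = {"user"}
# Hypothetical tool names; anything listed here changes device state.
SIDE_EFFECT_TOOLS = {"set_thermostat", "unlock_door", "open_window"}

@dataclass
class Session:
    """Tracks provenance of every text segment placed in the model's context."""
    segments: list = field(default_factory=list)  # (source, text) pairs

    def add(self, source, text):
        self.segments.append((source, text))

    def tainted_by(self):
        """Sources in context that the user did not author."""
        return sorted({s for s, _ in self.segments if s not in TRUSTED_SOURCES})

def authorize(session, tool, user_confirmed=False):
    """Decide whether a model-proposed tool call may run.

    Read-only tools always run. A side-effect tool runs only if no untrusted
    text is in context, or the user confirmed the action out of band
    (a UI prompt, not another chat message the model interprets).
    """
    if tool not in SIDE_EFFECT_TOOLS:
        return ("allow", "read-only tool")
    tainted = session.tainted_by()
    if not tainted:
        return ("allow", "context is user-authored only")
    if user_confirmed:
        return ("allow", "user confirmed despite untrusted context")
    return ("confirm", "untrusted content in context: " + ", ".join(tainted))

def demo():
    s = Session()
    s.add("user", "Summarise my events for this week.")
    # Constructed sample: attacker-controlled invite description (payload elided).
    s.add("calendar_invite", "Team sync. [text addressed to the assistant]")
    return [
        authorize(s, "list_events"),
        authorize(s, "set_thermostat"),
        authorize(s, "set_thermostat", user_confirmed=True),
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The gate does not try to recognise malicious phrasing; it keys on where the text came from, so it still holds when a filter misses a reworded instruction.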
The researchers believe this is the first time a generative AI hack has had real-world consequences. Experts warn that similar AI vulnerabilities remain a serious risk as AI agents become more widespread.