Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw dubbed GeminiJack, which can be exploited in zero-click attacks triggered via crafted emails, invites, or documents. The vulnerability could have exposed sensitive corporate data, according to Noma […] https://noma.security/wp-content/uploads/Vertex_Lables.mp4 The researchers discovered the vulnerability during a security assessment on 05/06/25 and reported the flaw to the Google Security Team the same day. Google quickly addressed the issue, collaborating with researchers to fix the RAG pipeline flaw that let malicious content be misinterpreted as instructions. “GeminiJack demonstrates the evolving security landscape as AI systems become deeply integrated with organizational data. While Google has addressed this specific issue, the broader category of indirect prompt injection attacks against RAG systems requires continued attention from the security community.” concludes the report. “This vulnerability represents a fundamental shift in how we must think about enterprise security. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, Google)
Published: 2025-12-11T20:16:22