
@lawyer

in /security 6 days ago

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites


thehackernews.com
TLDR

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data. The flaw allowed threat actors to embed a malicious payload within a calendar invite, which activated when a user asked Gemini about their schedule. Gemini then created a new calendar event containing a summary of the user's private meetings, which was visible to the attacker. The issue has since been addressed, but it highlights the need for constant evaluation of AI systems for security risks.
