CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Google Gemini Vulnerable to ASCII Smuggling Attacks

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Google has decided not to address a new ASCII smuggling attack in Gemini, which can be exploited to trick the AI assistant into providing false information, altering its behavior, and silently poisoning its data. This vulnerability can be used to embed hidden text in Calendar invites or emails, potentially leading to identity spoofing and data extraction. The attack leverages special characters from the Tags Unicode block to introduce invisible payloads that are processed by large-language models (LLMs). The risk is heightened due to Gemini's integration with Google Workspace and its ability to perform tasks autonomously. Researcher Viktor Markopoulos demonstrated the vulnerability in Gemini, DeepSeek, and Grok, while Claude, ChatGPT, and Microsoft CoPilot were found to be secure against such attacks.

Timeline

  1. 07.10.2025 23:35 1 articles · 2h ago

    Google Gemini Vulnerable to ASCII Smuggling Attacks

    Google has decided not to fix a new ASCII smuggling attack in Gemini. The vulnerability can be exploited to trick the AI assistant into providing false information, altering its behavior, and silently poisoning its data. The attack leverages special characters from the Tags Unicode block to introduce invisible payloads that are processed by LLMs. The risk is heightened due to Gemini's integration with Google Workspace and its ability to perform tasks autonomously. Researcher Viktor Markopoulos demonstrated the vulnerability in Gemini, DeepSeek, and Grok, while Claude, ChatGPT, and Microsoft CoPilot were found to be secure against such attacks.

    Show sources
    Open in new tab

Information Snippets

  • ASCII smuggling attacks use special characters from the Tags Unicode block to introduce invisible payloads that are processed by LLMs.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources

  • Google Gemini, DeepSeek, and Grok are vulnerable to ASCII smuggling attacks.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources

  • Claude, ChatGPT, and Microsoft CoPilot are secure against ASCII smuggling attacks due to input sanitization.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources

  • The attack can be used to embed hidden text in Calendar invites or emails, leading to identity spoofing and data extraction.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources

  • Google dismissed the issue as not being a security bug, stating it requires social engineering.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources

  • The attack can trick Gemini into providing false information, such as presenting a malicious site as a legitimate one.

    First reported: 07.10.2025 23:35
    1 source, 1 article
    Show sources