Google Gemini Enterprise and Vertex AI Search security update
Security Patch Release
Summary
Hide ▲
Show ▼
Google deployed updates to Gemini Enterprise and Vertex AI Search, reducing a zero-click data-leak risk tied to their shared retrieval and indexing workflow. The remediation changed how the two AI products interact with the underlying systems after a June 2025 vulnerability report. The issue involved indirect prompt injection that could let poisoned Workspace content exfiltrate sensitive corporate information without a click. The fix matters because it narrows the exposure path for organizations using these AI retrieval features.
Related Happenings
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Trend
H score76
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive Guidance
H score15
First: 24.04.2026 15:10
Last: 24.04.2026 15:10
Sources 1
About this happening:
**Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive GuidanceAbout this happening: **Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Timeline
-
10.12.2025 14:05 2 articles · 7mo ago
Initial report: Google Gemini Enterprise and Vertex AI Search security update
Initial DisclosureResearchers reported the flaw to **Google** in **June 2025**, starting coordinated remediation for the affected AI retrieval stack. The early phase centered on identifying a shared workflow weakness in **Gemini Enterprise** and **Vertex AI Search** before updates were deployed.
Show sources
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05