Google Gemini Enterprise and Vertex AI Search security update
Security Patch Release
Summary
Hide ▲
Show ▼
Google deployed updates to Gemini Enterprise and Vertex AI Search, reducing a zero-click data-leak risk tied to their shared retrieval and indexing workflow. The remediation changed how the two AI products interact with the underlying systems after a June 2025 vulnerability report. The issue involved indirect prompt injection that could let poisoned Workspace content exfiltrate sensitive corporate information without a click. The fix matters because it narrows the exposure path for organizations using these AI retrieval features.
Related Happenings
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive Guidance
First: 24.04.2026 15:10
Last: 24.04.2026 15:10
Sources 1
About this happening:
**Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive GuidanceAbout this happening: **Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Timeline
-
10.12.2025 14:05 2 articles · 5mo ago
Initial report: Google Gemini Enterprise and Vertex AI Search security update
Initial DisclosureResearchers reported the flaw to **Google** in **June 2025**, starting coordinated remediation for the affected AI retrieval stack. The early phase centered on identifying a shared workflow weakness in **Gemini Enterprise** and **Vertex AI Search** before updates were deployed.
Show sources
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05