A new vulnerability in Google Gemini for Workspace allows for phishing attacks by manipulating email summaries without attachments or direct links. Disclosed by researcher Marco Figueroa via Mozilla’s 0din bug bounty program, the method leverages indirect prompt injections hidden in emails.

Attackers embed malicious instructions in the email body text and use HTML and CSS to render them invisible to the human reader. When the recipient asks Gemini to summarize the email, the model parses and obeys the hidden directive. In one example, Gemini generated a fake security warning claiming the recipient's Gmail password had been compromised, complete with a support phone number, so that the summary posed as a legitimate alert.

Google stated that it is hardening defenses and implementing mitigations, and that it has seen no evidence of this attack in the wild. Figueroa suggests that security teams remove or neutralize hidden content in incoming email before it reaches the model and apply post-processing filters to Gemini's output. Users are advised not to treat Gemini summaries as authoritative for security alerts.
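As an added illustration of the two mitigations Figueroa describes (neutralizing hidden content before summarization, and filtering the model's output afterwards), the following Python is example code written for this page, not the researcher's or Google's. The CSS patterns, the summary heuristics and the sample email are assumptions constructed here.

```python
import re
from html.parser import HTMLParser

# Inline CSS that hides text from the reader but not from an LLM summarizer
# (colour-on-colour hiding is not covered by this pattern).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|font-size\s*:\s*0(?:px|pt|em|%)?(?![.\d])", re.IGNORECASE)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never have an end tag
SUMMARY_CHECKS = [  # post-processing checks on the model's output (assumed heuristics)
    ("phone number in summary", re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")),
    ("security-alert wording in summary", re.compile(r"password|compromised|urgent", re.I)),
]

class HiddenTextStripper(HTMLParser):
    """Splits an HTML body into reader-visible text and hidden fragments."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.stack = [], [], []  # stack: is open tag hidden?

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        own = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self.stack.append(own or (bool(self.stack) and self.stack[-1]))  # inherit parent

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden if self.stack and self.stack[-1] else self.visible).append(text)

def sanitize_email_html(html):
    """Return (visible_text, hidden_fragments); pass only visible_text to the model."""
    p = HiddenTextStripper()
    p.feed(html)
    p.close()
    return " ".join(p.visible), p.hidden

def flag_summary(summary):
    """Reasons a generated summary should not be trusted as a security alert."""
    return [reason for reason, pat in SUMMARY_CHECKS if pat.search(summary)]

SAMPLE = (  # constructed sample email, not the disclosed proof of concept
    "<html><body><p>Hi team, the Q3 report is on the shared drive.</p>"
    '<span style="font-size:0px;color:#fff">Hidden text meant for the model, not the reader.</span>'
    "<p>Thanks,<br>Alex</p></body></html>")
```

The stripped fragments are returned rather than discarded so they can be logged or raised as an alert on the message itself.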