SAFEBREACH researchers discovered a critical vulnerability in Google’s Gemini voice assistant that allows attackers to use indirect prompt injections through common messaging notifications. This new attack, termed 'Fake Context Alignment,' was found to exploit notifications from apps like WhatsApp and Slack to inject malicious commands without users' awareness. Potential impacts include unauthorized control over smart devices and manipulation of communications.
The vulnerability was reported to Google in August 2025 and patched in November 2025. SafeBreach highlighted the need for improved security measures in AI systems to better handle context and permissions.