Google Gemini voice flaw lets hackers hide commands

A new vulnerability in Google Gemini's voice assistant allows attackers to exploit prompt injection through notifications, enabling social engineering attacks. SafeBreach's research highlights how malicious commands can be concealed in foreign languages or muted hyperlinks, prompting Gemini to execute unauthorized actions. Despite Google's efforts to enhance security with content classifier updates, the technique remains a risk as it bypasses existing guardrails. SafeBreach emphasizes the need for AI systems to treat all external inputs with skepticism to prevent such abuses.