A newly disclosed vulnerability in Google’s Gemini Enterprise allowed attackers to extract private corporate data without requiring any interaction from the user.
The issue, discovered by researchers at Noma Security and named GeminiJack, took advantage of how Gemini handled shared content when performing AI-powered searches. Instead of relying on malware or phishing, the attack used carefully placed prompt injections inside documents, calendar invites, and emails.
Once Gemini indexed the shared content, it treated the hidden prompt as part of its normal instructions.
Later, when an employee searched for something like “customer invoices” or “sales targets,” the AI followed the attacker’s command. It pulled sensitive data and placed it inside an image link that sent the information to the attacker’s server.
To the employee, the search result looked normal, and no security systems flagged the activity.
Why It Matters: This exploit relied entirely on shared content to cause a breach. Users didn’t need to click links or open files, and security tools stayed silent. The AI operated through approved systems and behaved as expected, which allowed the data to be taken without detection. The problem came from how the AI interpreted and acted on the content it was given.
Prompt Injection Used Shared Workspace Content: Attackers embedded hidden instructions inside Google Docs, Calendar events, and Gmail messages. Once these items were shared and indexed, the AI treated them as part of the search environment. The prompts instructed Gemini to look for certain terms, such as “confidential” or “internal report,” and include the results inside an HTML image tag.
Trigger Came From Routine AI Use: Employees didn’t need to take any special action. A simple AI query, like “show latest contracts,” was enough to activate the attack. Gemini included the attacker’s prompt in the search context, followed the instructions, and placed the results into a request for an image. The image URL pointed to the attacker’s server.
No Alerts or Warnings Were Triggered: The final response included an image that the user’s browser attempted to load. Because the request looked like an ordinary image load, it passed through security filters without inspection. Antivirus tools and DLP systems saw nothing out of the ordinary. From the user’s perspective, the AI worked as intended.
RAG Design Increased Exposure: Gemini’s Retrieval-Augmented Generation system pulls information from Gmail, Calendar, and Docs to improve search results. This same system made it possible for malicious prompts to influence the AI’s behavior. Once a shared file was indexed, it could affect future searches across the organization, including searches over content far beyond the original source.
Google Made Structural Changes to Mitigate the Flaw: After reviewing the report from Noma Security, Google updated how Gemini processes retrieved content. Vertex AI Search was separated from Gemini, and new limits were introduced to reduce the influence of prompt-like text within indexed materials. These changes were designed to prevent similar attacks from using shared content to affect AI behavior.
Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data – Infosecurity Magazine
