AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation

mediumnewsLLM-Specific

securitysafety

Source: Embrace The RedFebruary 10, 2025

Summary

Google's Gemini AI can be tricked into storing false information in a user's long-term memory through prompt injection (hidden malicious instructions embedded in documents) combined with delayed tool invocation (planting trigger words that cause the AI to execute commands later when the user unknowingly says them). An attacker can craft a document that appears normal but contains hidden instructions telling Gemini to save false information about the user if they respond with certain words like 'yes' or 'no' in the same conversation.

Classification

Attack Type

Prompt InjectionJailbreak

Attack SophisticationModerate

Impact (CIA+S)

integrity

Affected Vendors

Google

Related Issues

critical

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

Similar attackNVD/CVE Database

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 92%