Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation
Summary
A researcher discovered a vulnerability in Google Gemini in which attackers can hide instructions in emails that trick the AI into automatically calling external tools (called Extensions) without the user's knowledge. When a user asks the AI to analyze a malicious email, the AI follows the hidden instructions and invokes the tool. This is a form of request forgery (making unauthorized requests on behalf of the user).
Original source: https://embracethered.com/blog/posts/2024/llm-context-pollution-and-delayed-automated-tool-invocation/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%