A recent investigation has uncovered a significant vulnerability in Google's ecosystem that exploits Google Calendar's privacy controls through a seemingly benign calendar invite. The attack leverages a technique called Indirect Prompt Injection, allowing unauthorized access to private meeting data and the ability to create deceptive calendar events without user interaction. The flaw highlights a structural limitation in how AI-integrated products, like Google's Gemini, interpret user intent, even with existing safeguards against malicious prompts. The exploit unfolds in three phases. First, an attacker sends a calendar invite with a payload embedded in the event's description. This payload instructs Gemini to summarize private meetings and create a new calendar event containing that information. The attack is triggered when a user queries Gemini about their schedule, activating the dormant payload. The result is that Gemini behaves normally, responding with a harmless message, while in the background, it exfiltrates sensitive meeting details to the attacker. This vulnerability underscores a shift in application security challenges from syntactic to semantic. Traditional security measures focus on identifying clear malicious patterns, like SQL injection or cross-site scripting, which is less effective against AI systems that interpret natural language. The malicious intent can be hidden within seemingly innocuous language, making it difficult for conventional defenses to catch. Protecting against these threats requires a new approach that considers the nuances of language and intent, with an emphasis on runtime systems that can reason about these factors and enforce security policies in real time.