Google hired NCC Group to evaluate its Private AI Compute system, which aims to enhance mobile AI capabilities using cloud resources while maintaining user privacy. The review included two phases: an architecture assessment and a detailed security analysis of various components, involving ten consultants over 100 person-days.

The article details a vulnerability found in Google Calendar that allows attackers to bypass privacy controls using natural language prompts embedded in calendar invites. This exploit demonstrates the challenges of securing AI-integrated applications, where malicious intent can be hidden in seemingly benign language.

Google Gemini's Command-Line Interface (CLI) has been found to be vulnerable to prompt injection attacks, allowing for potential arbitrary code execution. This security flaw raises concerns about the safety and reliability of utilizing AI models in various applications.

Significant vulnerabilities in Google's Gemini AI models have been identified, exposing users to various injection attacks and data exfiltration. Researchers emphasize the need for enhanced security measures as these AI tools become integral to user interactions and sensitive information handling.

Google is leveraging advancements in AI to combat online scams across its platforms, including Search, Chrome, and Android. By enhancing their detection systems and implementing on-device models like Gemini Nano, they aim to significantly reduce scams such as phishing, tech support fraud, and deceptive notifications while adapting to new threats in real-time.

Google is offering rewards for identifying AI-related security vulnerabilities as part of its ongoing effort to enhance the safety of its artificial intelligence technologies. This initiative encourages researchers and developers to report potential weaknesses, thereby strengthening the overall security framework of AI applications.

Security researchers at Trail of Bits have discovered that Google's Gemini tools are vulnerable to image-scaling prompt injection attacks, allowing malicious prompts to be embedded in images that can manipulate the AI's behavior. Google does not classify this as a security vulnerability due to its reliance on non-default configurations, but researchers warn that such attacks could exploit AI systems if not properly mitigated. They recommend avoiding image downscaling in agentic AI systems and implementing systematic defenses against prompt injection.

Google has announced that its AI-based bug hunter has successfully identified 20 security vulnerabilities, enhancing the company's commitment to improving software security. This innovative tool aims to streamline the process of detecting potential threats in various applications.