21 links
tagged with all of: security + google
Links
Google is addressing the growing threat of indirect prompt injection attacks on generative AI systems, which involve hidden malicious instructions in external data sources. Its layered security strategy for the Gemini platform includes advanced content classifiers, security thought reinforcement, markdown sanitization, user confirmation mechanisms, and end-user security notifications to enhance protection against such attacks.
Google Gemini's Command-Line Interface (CLI) has been found to be vulnerable to prompt injection attacks, allowing for potential arbitrary code execution. This security flaw raises concerns about the safety and reliability of utilizing AI models in various applications.
Google has introduced new AI tools designed to enhance security for Chrome users, specifically targeting phishing and scam threats. These tools aim to proactively identify and block malicious sites, thereby improving the overall safety of browsing experiences for users worldwide.
Google has warned users of the Salesloft Drift AI chat agent that their security tokens may be compromised following a breach that allowed attackers to access Google Workspace accounts. The situation is more extensive than initially reported, prompting Google to revoke affected tokens and disable integrations, while Salesloft has not yet updated its security guidance to reflect the new findings.
Hackers are leveraging Google.com to distribute malware that evades traditional antivirus software, raising significant security concerns. Users are advised to employ various protective measures to safeguard their systems against these threats.
Google plans to implement a verification process for all Android developers to enhance security and trust within its app ecosystem. This new measure aims to prevent fraudulent apps and protect users from malicious software. The initiative is part of Google's ongoing efforts to improve safety in the Android platform.
Google has resolved a critical bug that posed a risk of inadvertently exposing users' private phone numbers through its services. The company acted quickly to patch the vulnerability after it was discovered, ensuring that user privacy is maintained.
The article discusses recent leaks related to Google's phone models, highlighting security vulnerabilities and concerns regarding data privacy. It emphasizes the implications these issues may have for users and the potential impact on Google's reputation in the tech industry.
Significant vulnerabilities in Google's Gemini AI models have been identified, exposing users to various injection attacks and data exfiltration. Researchers emphasize the need for enhanced security measures as these AI tools become integral to user interactions and sensitive information handling.
Scale AI faced significant challenges with spam and security while working with Google, particularly during the training of its Gemini AI program. Internal documents reveal that unqualified contractors submitted poor-quality work, often evading detection and raising concerns about the integrity of the data provided to Google. Despite assurances from Scale AI, the situation highlighted major lapses in their vetting and security protocols.
Security researchers at Trail of Bits have discovered that Google's Gemini tools are vulnerable to image-scaling prompt injection attacks, allowing malicious prompts to be embedded in images that can manipulate the AI's behavior. Google does not classify this as a security vulnerability due to its reliance on non-default configurations, but researchers warn that such attacks could exploit AI systems if not properly mitigated. They recommend avoiding image downscaling in agentic AI systems and implementing systematic defenses against prompt injection.
Google is implementing a security feature in Chromium that prevents Google Chrome from running with administrative permissions by automatically "de-elevating" the browser upon launch. This change, inspired by a similar feature in Microsoft's Edge browser, aims to mitigate security risks associated with running the browser as an administrator, which can lead to malicious files executing with full system access.
Google is offering rewards for identifying AI-related security vulnerabilities as part of its ongoing effort to enhance the safety of its artificial intelligence technologies. This initiative encourages researchers and developers to report potential weaknesses, thereby strengthening the overall security framework of AI applications.
Google is leveraging advancements in AI to combat online scams across its platforms, including Search, Chrome, and Android. By enhancing its detection systems and implementing on-device models like Gemini Nano, it aims to significantly reduce scams such as phishing, tech support fraud, and deceptive notifications while adapting to new threats in real time.
Google Chrome will introduce an automatic password update feature by 2025, enhancing user security by ensuring passwords are regularly refreshed without manual intervention. This development aims to streamline the management of passwords, reducing the risk of breaches due to outdated credentials.
Google Gemini for Workspace can be exploited through prompt-injection attacks that generate misleading email summaries, potentially leading users to phishing sites without attachments or direct links. Researcher Marco Figueroa revealed this vulnerability, highlighting how hidden instructions in emails can manipulate Gemini's output, prompting users to trust false security alerts. Google is aware of the issue and is implementing defenses against such attacks.
A significant vulnerability in Google's Quick Share feature has been patched, addressing potential risks that could compromise user security. The update reinforces the importance of keeping software up to date to mitigate threats from exploits targeting such functionalities.
Google has announced that its AI-based bug hunter has successfully identified 20 security vulnerabilities, enhancing the company's commitment to improving software security. This innovative tool aims to streamline the process of detecting potential threats in various applications.
Google Chrome will require user permission by default to access insecure HTTP websites starting with the release of Chrome 154 in October 2026. This change aims to enhance security by encouraging users to connect via HTTPS and reduce the risk of man-in-the-middle attacks. Users will have the option to enable warnings for public or both public and private sites, with the expectation that most websites are already secured with HTTPS.
Google is introducing a new security feature for Android devices that automatically reboots locked devices after three days of inactivity, enhancing protection against data extraction by forensic tools. This update aims to keep user data encrypted in the Before First Unlock (BFU) state for longer periods, complicating unauthorized access during forensic investigations. Users can obtain the update through the Google Play store, though it will be rolled out gradually.
Google has introduced the Agent Payments Protocol (AP2) to facilitate secure agent-led transactions in e-commerce, garnering support from over 60 organizations. AP2 uses cryptographically signed digital contracts called Mandates to ensure user authorization and accountability during transactions, addressing security concerns associated with AI agents handling payment details. The protocol supports various payment methods and is available for organizations to implement through Google's public GitHub repository.