Security researchers have uncovered a novel attack technique that weaponizes Google Calendar invites to expose users’ private information. The vulnerability exploits prompt-injection methods, allowing attackers to bypass Google Calendar’s privacy controls by hiding a malicious payload inside an otherwise legitimate-looking calendar event.
In this scenario, an attacker creates a Google Calendar event and sends an invite to the victim’s email address. Within the event description, the attacker embeds carefully crafted hidden instructions. These instructions appear harmless to human readers—often buried in normal text or lightly obfuscated—but are designed to influence Gemini, Google’s AI assistant, when it processes the content.
The attack does not require immediate user interaction. Later, when the victim asks Gemini a routine question such as “What meetings do I have tomorrow?” or “Do I have any scheduling conflicts?”, Gemini pulls calendar data to generate a response. While parsing the malicious event’s description, Gemini mistakenly treats the hidden instructions as higher-priority commands than its built-in privacy safeguards.
As a result, Gemini may automatically create a new calendar event and populate its description with a detailed summary of the victim’s meetings, including titles, timings, participants, locations, notes, and potentially confidential project information. If this newly created event is visible to others in the organization or accessible via a shared link, the attacker can read the description and extract sensitive data—without the victim ever realizing it occurred.
Such exposed information could then be leveraged for highly targeted phishing attacks or corporate espionage, highlighting emerging risks at the intersection of AI assistants and everyday productivity tools.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
