Hackers Trick Gmail’s Gemini with Invisible Email Scams

In the race to streamline communication, AI assistants like Google’s Gemini for Gmail have become popular time-savers, quickly summarizing lengthy emails so users can efficiently browse their inboxes. But cybercriminals are already finding ways to exploit these tools.

Security researchers have recently uncovered a concerning vulnerability in which hackers are embedding malicious prompts into emails, hidden from human eyes but easily readable by AI assistants like Gemini. When the AI generates a summary, it can inadvertently incorporate scam instructions or misleading content, potentially deceiving users into clicking on malicious links or sharing sensitive information.

These hidden prompts use invisible text formatting, such as white text on a white background or non-visible HTML elements, that bypass human detection but are interpreted by AI models tasked with summarizing the content. The result is a legitimate-looking email that can produce a fraudulent AI-generated summary, steering users into phishing traps.

This emerging tactic highlights a new cybersecurity challenge: AI-assisted reading doesn’t always equal safer reading. Companies like Google are now working to patch these loopholes, while security experts are urging users to exercise caution when using AI summaries. According to a report by Tom’s Hardware and TechRadar Pro, the risk is real and growing as AI tools become integrated into daily workflows.

Experts recommend users always review the full email before acting on AI-generated summaries, especially if the request involves financial transactions, password resets, or unexpected account actions.

As AI continues to reshape how we manage information, cybercriminals are adapting just as quickly. Email convenience is great, but vigilance remains even greater.