Google Gemini can be tricked to disclose system prompts, generate malicious content, and even mount indirect injection attacks, experts have warned.
A new report from cybersecurity researchers HiddenLayer claims the flaws could be abused on Gemini Advanced, integrated with Google Workspace, or the Gemini API.
Google's on it
The second vulnerability is called “crafty jailbreaking” and makes Gemini generate misinformation and malicious content. This could be abused, for example, during elections, to spread dangerous fake news. To get Gemini to generate such results, the researchers simply asked it to enter into a fictional state, after which anything was possible.
Finally, the researchers managed to get Gemini to leak information in the system prompt, by passing repeated uncommon tokens as input.
"Most LLMs are trained to respond to queries with a clear delineation between the user's input and the system prompt," said security researcher Kenneth Yeung.
"By creating a line of nonsensical tokens, we can fool the LLM into believing it is time for it to respond and cause it to output a confirmation message, usually including the information in the prompt."
While these are all dangerous flaws, Google is aware of them and is constantly working on improving its models, it told The Hacker News.
"To help protect our users from vulnerabilities, we consistently run red-teaming exercises and train our models to defend against adversarial behaviors like prompt injection, jailbreaking, and more complex attacks," a Google spokesperson told the publication. "We've also built safeguards to prevent harmful or misleading responses, which we are continuously improving."
More from TechRadar Pro
- A customer managed to get the DPD AI chatbot to swear at them, and it wasn’t even that hard
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now