Researchers have revealed alarming vulnerabilities in Google’s Gemini AI assistant that could allow attackers to hijack smart devices through manipulated Google Calendar invitations. At the recent Black Hat USA cybersecurity conference, a group outlined 14 methods of prompt injection attacks that can exploit large language models, including a startling example where attackers took control of internet-connected appliances, potentially endangering users. These attacks begin with seemingly innocuous calendar invites that contain hidden commands, bypassing AI safety protocols. The implications are significant as large language models are increasingly integrated into everyday applications. Google was informed of these vulnerabilities and has addressed them, but the risks escalate as AI agents gain more control over various platforms and tasks in users’ lives.
Why do we care?
Here’s one to keep you up at night—researchers showed you could hijack a smart device just by sending the right Google Calendar invite. Gemini AI reads it, hidden commands slip through, and suddenly your “smart” coffee maker’s in enemy hands.
Google’s fixed this one—but it’s a taste of what’s coming. AI agents are getting the keys to more and more systems, and if they can be tricked, so can you.
For MSPs, this isn’t a “wait and see” moment—lock down what these AI tools can actually do. Limit permissions, audit integrations, and start training users to spot AI-driven phishing before it lands.