Cybersecurity experts reveal a novel attack where AI prompts in calendar events exploit Google Gemini to leak confidential meeting data without user action.
© RusPhotoBank
Cybersecurity researchers have once again demonstrated how AI can become a tool for novel, unexpected attacks. This time, Google Gemini and its interaction with Google Calendar came under fire. Miggo Security expert Liad Eliyahu described a mechanism that turned the calendar into a data leakage channel—all without any action from the user.
The scheme was straightforward: an attacker would send the victim a standard event invitation. The invitation contained no suspicious links or obvious phishing signs—just a normal meeting description. However, hidden in the description text was a "dormant" malicious prompt in natural language, designed to be processed by Gemini. The attack would trigger later when the user asked the AI a routine question like "Do I have any meetings on Tuesday?" While fulfilling the request, Gemini would scan calendar events and encounter the embedded prompt, then execute its instructions.
The result was a new calendar event containing a detailed summary of all the user's meetings for the selected day. The user would see Gemini's normal response and remain unaware of what had happened. But behind the scenes, an event was created in the calendar that, under corporate settings, was often accessible to the sender of the original invitation. This gave the attacker access to confidential data: meeting participants, discussion topics, and schedules.
Experts warn that this scheme could not only read data but also add misleading false events to the calendar, again without user involvement. The vulnerability has already been patched following investigation, but the method itself shows how vulnerable familiar services can become with AI integration.