@pcmag
If you rely on Google’s Gemini chatbot to summarize your incoming emails, be careful: The technology can also be abused to deliver phishing attacks, according to new security research. As BleepingComputer reports, the flaw can trick Gemini into displaying a fake warning in the email summary, claiming the user’s Gmail password has been compromised while urging them to call a fake Google phone number to fix the problem.

Mozilla’s bug bounty program for AI services, 0DIN, disclosed the potential vulnerability, which affects the Gemini email summary feature for Workspace users. In its report, 0DIN demonstrated how attackers can embed hidden prompts in emails to manipulate Gemini’s output. One example showed an instruction formatted like this:

To evade detection by the user, the prompt can be hidden by setting the font size to zero and coloring the text white – making it invisible in the email body, but still readable by Gemini. The result caused Gemini to “faithfully obey” and attach t...

Credits
    Tags, Events, and Projects
    • technews
    • phishing
    • hack
    • gemini