Bottom line: Attackers can inject malicious commands into messenger messages through fake context alignment, which Gemini processes undetected and uses to control authorized devices or misuse data.
Security researchers from SafeBreach have documented a vulnerability in Google Gemini that allows attackers to compromise the voice assistant through manipulated messages from messenger apps. The security update was rolled out in November 2025.
SafeBreach researchers have disclosed an attack method called Fake Context Alignment, which exploits Google Gemini through manipulated notifications in WhatsApp, Slack, or SMS. When a user instructs the assistant via voice command to read incoming messages, malicious instructions are injected into the conversation context in the background. These can be embedded in foreign languages or via invisible hyperlinks and are processed by Gemini without being read aloud to the user.
The practical attack scenarios are significant: attackers can control networked household devices via Google Home, launch video conferences without authorization, or compose fake messages that appear trustworthy. In the most critical case, the AI assistant’s long-term memory can be manipulated to establish persistent control. SafeBreach warns that the attack surface grows exponentially as LLM-powered assistants are integrated into everyday devices.
Google was notified of the issue in August 2025 and subsequently rolled out a security update in November 2025 that includes improved content classifiers to detect such manipulations. SafeBreach published the technical details this week to raise awareness of prompt injections and is calling for fundamental architectural changes: providers must reconsider how AI systems analyze trust, context, and cross-channel permissions.
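The gap described above, content that the assistant processes but never reads aloud, can be closed on the defender's side by passing the model only the text a listener would hear. The following is an added illustration, not Google's fix or SafeBreach's code; it assumes notifications arrive as HTML-like markup, and the names `NotificationSplitter` and `prepare_for_assistant` and the four-word heuristic are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

class NotificationSplitter(HTMLParser):
    """Split a notification into text a listener hears and text only a parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.spoken, self.withheld, self.reasons = [], [], []
        self._link_text = None  # collects visible text of the <a> being parsed

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._link_text = []
        for name, value in attrs:
            if name in ("href", "title") and value:
                self.withheld.append(value)  # never read aloud, so never sent on
                if len(unquote(value).split()) >= 4:  # heuristic: prose, not a URL
                    self.reasons.append(f"natural-language text in {name}")

    def handle_data(self, data):
        self.spoken.append(data)
        if self._link_text is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._link_text is not None:
            if not "".join(self._link_text).strip():
                self.reasons.append("link with no visible text")
            self._link_text = None

def prepare_for_assistant(notification_html):
    """Return only the audible text as model input, plus what was withheld and why."""
    parser = NotificationSplitter()
    parser.feed(notification_html)
    parser.close()
    spoken = " ".join("".join(parser.spoken).split())
    return {"model_input": spoken, "withheld": parser.withheld,
            "suspicious": bool(parser.reasons), "reasons": parser.reasons}

# Constructed samples; the hidden text is a placeholder, not a real payload.
BENIGN = 'Lunch at 12? <a href="https://example.com/menu">Menu</a>'
HIDDEN = ('Running late, see you soon.'
          '<a href="https://example.invalid/x?note=PLACEHOLDER%20hidden%20instruction%20text"></a>')

if __name__ == "__main__":
    for sample in (BENIGN, HIDDEN):
        print(prepare_for_assistant(sample))
```

Flagged notifications can be logged or held for review, while the model only ever receives the same words the user hears.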
Source: www.it-daily.net · Published June 6, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.