Google automatically activates AI functions to collect data from Gmail and search services—a practice that Google’s own Gemini chatbot describes as “privacy-violating opt-out fatigue.”
Gemini 3.5 Flash can now capture screen content and independently execute computer-controlled workflows, opening up new integration possibilities for enterprise applications.
Google eliminates the security risk of unrestricted API keys in Gemini through a phased migration to authentication keys with granular access control by September 2026.
ChatGPT retains the most users but must cede market share to Gemini (27.7%) and Claude (10.3%), as the industry shifts from user acquisition to monetization.
Attackers can inject malicious commands into messenger messages through fake context alignment, which Gemini processes undetected and uses to control authorized devices or misuse data.
A manipulated notification via WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could hijack Google Gemini on Android devices and force it to execute arbitrary actions without requiring a malicious app to be installed on the phone.
Prompt injection vulnerability in Google Gemini Voice Assistant enables hidden malicious commands through manipulated notifications, potentially leading to social engineering and data misuse.