Google Patches Zero-Click GeminiJack Vulnerability That Exposed Corporate Workspace Data
Published 2026-04-07 | AI Regulation and Governance | High | ⭐ Timeline Candidate
Summary
Security researchers discovered an architectural vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed 'GeminiJack,' that enabled zero-click indirect prompt injection attacks capable of exfiltrating sensitive corporate data. The flaw allowed attackers to embed malicious instructions in common documents across Gmail, Google Calendar, Google Documents, and other Google Workspace components that Gemini Enterprise has access to. When Gemini retrieved an attacker's document, it misin
Alignment: Reinforces current position
Related Positions: ai-governance-and-risk.md, enterprise-ai-delivery.md, agentic-workflows.md, ai-infrastructure-strategy.md
Related Partnerships: glean.md
prompt-injection, google-gemini, enterprise-ai-security, zero-click-vulnerability, google-workspace, vertex-ai, data-exfiltration, ai-governance, indirect-prompt-injection, corporate-data-protection