{"id":223043,"date":"2025-10-08T04:19:27","date_gmt":"2025-10-08T09:19:27","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/google-wont-fix-new-ascii-smuggling-attack-in-gemini"},"modified":"2025-10-08T04:19:27","modified_gmt":"2025-10-08T09:19:27","slug":"google-wont-fix-new-ascii-smuggling-attack-in-gemini","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/google-wont-fix-new-ascii-smuggling-attack-in-gemini","title":{"rendered":"Google won\u2019t fix new ASCII smuggling attack in Gemini"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/google-wont-fix-new-ascii-smuggling-attack-in-gemini2.jpg\"><\/a><\/p>\n<p>Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model\u2019s behavior, and silently poison its data.<\/p>\n<p>ASCII smuggling is an attack where special characters from the Tags Unicode block are used to introduce payloads that are invisible to users but can still be detected and processed by large-language models (LLMs).<\/p>\n<p>It\u2019s similar to other attacks that researchers presented recently against Google Gemini, which all exploit a gap between what users see and what machines read, like performing <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-gemini-flaw-hijacks-email-summaries-for-phishing\/\" target=\"_blank\" rel=\"nofollow noopener\">CSS manipulation<\/a> or <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data\/\" target=\"_blank\" rel=\"nofollow noopener\">exploiting GUI limitations<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model\u2019s behavior, and silently poison its data. ASCII smuggling is an attack where special characters from the Tags Unicode block are used to introduce payloads [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-223043","post","type-post","status-publish","format-standard","hentry","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=223043"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223043\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=223043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=223043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=223043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}