Tenable Uncovers ‘Gemini Trifecta’ Vulnerabilities in Google’s AI Suite

New Delhi, Oct 3, 2025 — Cybersecurity firm Tenable has disclosed three critical vulnerabilities in Google’s Gemini AI suite, collectively dubbed the “Gemini Trifecta.” The flaws, now remediated, exposed users to severe privacy risks, including potential theft of sensitive data such as location details and saved user memories.

The vulnerabilities spanned three key Gemini components. In Gemini Cloud Assist, attackers could plant poisoned log entries, which later triggered hidden malicious instructions.

The Gemini Search Personalisation Model allowed silent query injections into browser history, enabling the theft of private data. Meanwhile, the Gemini Browsing Tool could be exploited to make hidden outbound requests embedding user information, sending it directly to attacker-controlled servers.

“Gemini draws its strength from pulling context across logs, searches, and browsing. That same capability can become a liability if attackers poison those inputs. The Gemini Trifecta shows how AI platforms can be manipulated in ways users never see, making data theft invisible and redefining the security challenges enterprises must prepare for.

"Like any powerful technology, large language models (LLMs) such as Gemini bring enormous value, but they remain susceptible to vulnerabilities. Security professionals must move decisively,  locking down weaknesses before attackers can exploit them and building AI environments that are resilient by design, not by reaction. This isn’t just about patching flaws; it’s about redefining security for an AI-driven era where the platform itself can become the attack vehicle,” Liv Matan, Senior Security Researcher at Tenable, said.

While Google has patched the flaws, Tenable urged security teams to treat AI features as active attack surfaces, regularly audit integrations, and strengthen defenses against prompt injection.

The disclosure underscores a growing reality: as AI systems like Gemini become embedded in enterprise workflows, their integrations can open hidden attack channels. According to Tenable, securing AI requires proactive, layered defenses — not just patching flaws after discovery.

Google confirmed all vulnerabilities have been remediated, and no user action is required.