AI’s Blind Spot: How Hidden Image Commands Could Lead to Data Heists!

Hidden commands in images exploit AI chatbots, leading to data theft on platforms like Gemini. Cybersecurity researchers discovered this sneaky attack, where high-resolution images contain invisible text that AI models execute without user consent. Watch out for images in your inbox; they might be whispering secrets to your AI!

3P
Published: September 1, 2025 8:49 pmAdded: September 1, 2025 at 2:11 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew pictures could be such double agents? While we were busy trying to decode the Mona Lisa’s smile, hackers have been stuffing images with secret commands. The next time you download a cute cat picture, you might just be inviting a hacker to your Google Calendar tea party! Beware of those pixelated spies!

Key Points:

  • Researchers at Trail of Bits discovered a vulnerability in AI systems via “image scaling attacks.”
  • High-resolution images can contain hidden commands that AI models execute when downscaled.
  • Google’s Gemini CLI, web interface, and Google Assistant have been tested with this attack.
  • A tool called Anamorpher has been developed to help defend against these attacks.
  • Solutions include displaying images as seen by AI and requiring explicit user permission for sensitive actions.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?