Did You Just Get a Calendar Invite from a Stranger? It Might Be a Prompt Injection

Have you received a calendar invite lately from someone you never booked with?
That “meeting” could be a prompt‑injection booby trap. Researchers just showed you can hide malicious instructions inside a Google Calendar event so that when Gemini summarizes your schedule, it follows those hidden prompts—kicking off actions and even leaking data. Zero clicks required. WIREDSafeBreach

At the same time, we’re seeing zero‑click compromises of enterprise AI agents (ChatGPT with Connectors, Copilot, etc.). A single “poisoned” document can make an agent pull data from connected apps and smuggle it out in a harmless‑looking image URL. Again: no user action. WIREDCSO Online

Here’s how I’m handling it with my team—immediately:

1. Treat inbound content as untrusted. Docs, emails, tickets, calendar—all of it.

2. Clamp agent permissions. Least‑privilege scopes, block unknown domains, require approvals for sensitive actions.

3. Log & alert. Track every tool call and outbound link; flag unusual reads or mass access.

Bottom line: AI agents are amazing accelerators—but untrusted content is now a control plane. Secure them like you would any powerful integration.

#GenAISecurity #PromptInjection #ZeroClick #AIagents #Cybersecurity #AppSec