Google Gemini gains computer control, raising AI security risks

Image credit: Search Engine Journal

Google’s Gemini 3.5 Flash now features integrated computer control capabilities, allowing AI agents to manage browsers and desktop applications, prompting cybersecurity concerns over potential exploitation by malicious actors.

The new functionality enables AI agents to directly interact with user interfaces and automate workflows previously limited to graphical interfaces, significantly expanding their operational scope and increasing potential attack surfaces.

A senior scientist at Google DeepMind warned that the scaling of AI agents creates new incentives for malicious activities, with hackers already setting traps to exploit these systems, according to company statements.

Cybersecurity experts reported incidents of illicit credit card charges stemming from interactions with AI agents, such as one case involving an Anthropic Claude AI agent, which was potentially compromised by a malicious ‘skill’ file.

Google issued seven safety best practices for AI agents to mitigate risks, including the implementation of human-in-the-loop confirmation for critical actions, the use of secure execution environments, and rigorous input sanitization.

The company stated that the enhanced capabilities of AI agents broaden the potential for attacks, transforming websites into potential battlegrounds where malicious actors could target AI agents.

Site owners may need to implement stronger bot controls and develop better methods for detecting hidden prompt-injection instructions embedded within their online content to protect against these new threats.

The expansion of AI agent functionality into direct computer control represents a significant shift in automation, but it also introduces complex security challenges that require immediate attention from developers and users alike.

Source: Search Engine Journal