Attackers Can Gain Control of Users' Queries and LLM Data Output

Gemini is Google's newest family of Large Language Models.
The Gemini suite currently houses 3 different model sizes: Nano, Pro, and Ultra.
Although Gemini has been removed from service due to politically biased content, HiddenLayer's findings show how an attacker can directly manipulate another user's queries and output, which represents an entirely new threat.
While testing the 3 LLMs in the Google Gemini family of models, we found multiple prompt hacking vulnerabilities, including the ability to output misinformation about elections, multiple avenues that enabled system prompt leakage, and the ability to inject a model indirectly with a delayed payload via Google Drive.
The attacks outlined in this research currently affect three groups: consumers using Gemini Advanced with Google Workspace, because of the risk of indirect injection; companies using the Gemini API, because of data leakage attacks that allow a user to access sensitive data and system prompts; and governments, because of the risk of misinformation spreading about various geopolitical events.
Gemini Advanced currently has over 100M users, meaning widespread ramifications.
Unlike most LLMs currently available, the Gemini family is multimodal and was trained on many forms of media, including text, images, audio, video, and code.
The Gemini Pro model currently fills the role of a flexible, accessible AI model for developers.
Gemini Pro is currently deployed as Gemini, allowing users to interact with a competent model that is capable of answering the majority of queries.
With Gemini Ultra, we did not have API and/or MakerSuite access, so we had to resort to testing everything in Gemini Advanced.
With the Gemini models, Google took special care to ensure that the models did not generate misinformation, particularly around topics revolving around elections.
Let's try to make Gemini produce an article about the 2024 election and pit two election candidates, Bob the Caveman against Bob the Minion.
While testing attacks on Gemini Pro, one very peculiar anomaly came up.
Gemini Ultra is the largest model in the Google Gemini family.
Designed to compete with OpenAI's GPT-4, Gemini Ultra is capable of using plugins, parsing video, and reasoning with complex logic.
We were able to successfully jailbreak Gemini Ultra in the same way we did with Gemini Pro.
The largest one is a multi-step jailbreak that takes full advantage of Gemini Ultra's reasoning abilities.
With the release of Gemini Advanced, the extension that allows the reading of Google workspace information has returned.
From there, we can go back to Gemini and query it, asking it what is in the document.
Third, for Gemini Advanced, check to see if Google Workspace extension access is disabled.


This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 13 Mar 2024 16:13:05 +0000

