Gemini AI Hijacked via Google Calendar in Smart Home Attack
A group of cybersecurity researchers has demonstrated how a seemingly innocuous Google Calendar invite can be weaponised to hijack Google’s Gemini AI.
Revealed at the Black Hat cybersecurity conference in Las Vegas, the attack – dubbed “Invitation Is All You Need” – used indirect prompt injection to manipulate Gemini into controlling smart home devices.
The researchers from Tel Aviv University in Israel planted malicious commands inside calendar entries, which were triggered when the user asked Gemini to summarise upcoming events.
Simple follow-up phrases like “thanks” or “sure” then executed commands to turn on appliances like lights and boilers.
The attack leverages Gemini’s integration with Google’s ecosystem, including Calendar, Gmail and Google Home.
The AI assistant interpreted hidden prompts in the calendar as legitimate user instructions, bypassing safety filters.
Researchers say this is the first time a generative AI has been used to cause real-world physical consequences.
Beyond home device control, the team uncovered 14 ways Gemini could be exploited.
These ranged from sending spam and deleting calendar appointments to launching malicious websites.
The attack’s delayed nature makes it difficult for users to trace the malicious behaviour back to the original calendar event.
In response, Google began working with the research team in February and announced new security updates in June, including enhanced detection of unsafe content in calendar invites and added user confirmation for high-risk actions.
Google’s Andy Wen told Wired the findings “directly accelerated” Google’s rollout of prompt injection defences, acknowledging the evolving threat as AI agents grow more capable and connected.
While such attacks remain rare, experts warn the risk will rise as AI systems become more deeply embedded in users’ digital and physical environments.























































































