Google Patches Zero-Click Vulnerability in Gemini Enterprise Exposing Corporate Data In June 2025, security researchers at Noma Security uncovered a critical zero-click vulnerability in Google Gemini Enterprise, dubbed GeminiJack, which could enable attackers to exfiltrate sensitive corporate data without user interaction. The flaw, reported to Google the same day, affected Gemini Enterprise—Google’s suite of AI-powered workplace tools—and Vertex AI Search, a Google Cloud platform for AI-driven search and recommendations. The vulnerability stemmed from an indirect prompt injection weakness in Gemini’s Retrieval-Augmented Generation (RAG) architecture, which allows the AI to query across multiple Google Workspace data sources (Gmail, Google Docs, Calendar, etc.). Attackers could embed malicious instructions in seemingly benign documents, emails, or calendar events. When a legitimate employee performed a routine search, the AI would unknowingly process these instructions, scan authorized Workspace data for sensitive terms, and transmit the results to an attacker-controlled server via an external image URL—all while bypassing traditional security controls. The attack required no user interaction, making it particularly stealthy. Google confirmed the report in August 2025 and collaborated with Noma Security to remediate the issue. By December, Google had deployed updates that separated Vertex AI Search from Gemini Enterprise, eliminating shared LLM workflows and RAG capabilities. However, Noma Security warned that such vulnerabilities may persist as AI systems gain broader access to corporate data, outpacing the detection capabilities of conventional security tools. The UK’s National Cyber Security Centre (NCSC) has since released guidance to help organizations mitigate prompt injection risks, underscoring the growing threat posed by AI-driven data exfiltration. The incident highlights the expanding attack surface introduced by corporate AI adoption, where a single flaw can expose vast amounts of sensitive information.