< ciso
brief />
Tag Banner

All news with #gemini tag

208 articles · page 4 of 11

Google AI updates: Gemini 3.1, Nano Banana 2, and more

🚀 February highlights include new models, tools, and global partnerships. Google introduced Gemini 3.1 Pro and an upgraded Deep Think variant for scientific and engineering problems, alongside visual models such as Nano Banana 2 and creative tools like Lyria 3 and Flow improvements. The company emphasized impact at the AI Impact Summit and announced investments, national partnerships in India, and updates to content-identification tools like SynthID, with access pathways for developers, enterprises, and consumers.
read more →

Google Cloud adds Data Steward and VoLTE Core Agent

🔧 Google Cloud is extending its Autonomous Network Operations framework with the Gemini-powered Autonomous Data Steward and a Core Network VoLTE Agent, developed with Future Connections and piloted by One NZ. The Steward provides a zero-copy data layer using Dataplex Universal Catalog to expose metadata pointers and give agents access to real-time telemetry without duplicating datasets. The VoLTE Agent leverages that foundation for continuous monitoring, intelligent root-cause analysis of signaling and probe data, and autonomous recommendations to improve voice quality and accelerate operational tasks.
read more →

Transforming Developers into AI Architects with Google Cloud

🧭 This post launches Google Cloud's "Data Strategy = AI Strategy" series and reframes the database as the central context engine for production AI. It argues that by using fully PostgreSQL-compatible services such as AlloyDB and Cloud SQL, teams can eliminate latency and improve retrieval accuracy while reducing infrastructure friction. The article emphasizes three enterprise pillars — speed, scale, and security — and describes hands-on labs that cover batch embeddings, real-time inference with Gemini 3 Flash, and row-level security for zero-trust agents.
read more →

Chrome Gemini Vulnerability Allowed Extension Hijack

🛡 Unit 42 discovered CVE-2026-0628, a high-severity flaw in Chrome's new Gemini Live panel that allowed extensions with only declarativeNetRequest permissions to inject JavaScript into the privileged panel context. That injection could escalate extension privileges to access camera and microphone, read local files, take screenshots and render phishing content inside a trusted browser UI. Google was notified on 2025-10-23 and issued a patch in early January 2026. Palo Alto Networks recommends mitigations such as Prisma Browser and related protections.
read more →

Thousands of Google Cloud API Keys Expose Gemini Access

⚠️ Truffle Security found nearly 3,000 Google Cloud API keys (prefix "AIza") embedded in client-side code that can now authenticate to Gemini endpoints when a project enables the Generative Language API. Attackers scraping sites can use exposed keys to access uploaded files, cached contents, and make LLM calls that charge victims' accounts. Google says it has implemented measures to detect and block leaked keys and advises rotating and restricting exposed keys.
read more →

Silent Google API Key Change Exposed Gemini AI Data

🔒 Researchers at Truffle Security discovered that Google Cloud API keys, historically described as simple billing identifiers (prefix Aiza), began functioning as authentication tokens for embedded Gemini AI instances. A Common Crawl scan in November found 2,863 live, publicly exposed keys, including from major firms and Google itself, which could be used to retrieve uploaded files, cached context, or to consume API quota and incur charges. Google confirmed the issue after disclosure, restricted affected keys, and advises administrators to audit and rotate keys.
read more →

Exposed Google API keys can now reveal Gemini AI data

🔓 Google Cloud API keys that were once treated as non-sensitive can now authenticate to the Gemini generative AI assistant, creating a new attack path where keys embedded in client-side JavaScript expose private assistant data. TruffleSecurity discovered nearly 2,800 live, publicly accessible keys across sectors — including financial firms and a Google product — by scanning the November 2025 Common Crawl. Attackers who copy exposed keys can call Gemini endpoints to retrieve data or generate costly API usage; developers should audit projects for the Generative Language API, rotate exposed keys immediately, and use detection tools to prevent abuse.
read more →

Nano Banana 2 Brings Pro-Level Image AI to Enterprise

🖼️ Nano Banana 2 is Google’s latest image-generation and editing model, delivering Pro-level image quality and fast iteration for enterprise creative workflows. Powered by real-time web search and integrated with Gemini API in Vertex AI, it provides accurate, localized visuals plus premium features like text rendering, translations, and upscaling to 2K/4K. Enterprise-ready provenance is supported via SynthID and interoperable C2PA Content Credentials to surface how AI was used.
read more →

Android expands AI-powered scam protections to devices

🔒 Android is expanding its AI-driven Scam Detection protections for calls and messages, bringing on-device Gemini models to more Pixel and Samsung Galaxy devices. A real-world example describes a Pixel user who avoided a convincing bank scam after receiving a timely Scam Detection warning during the call. Google Messages protections now cover 20+ countries and multiple languages and have improved detection for sophisticated threats like job-offer and romance “pig butchering” scams. Processing occurs on-device, data aren’t stored or shared, and the feature is off by default and excluded for contacts.
read more →

AI-assisted attacker compromises 600+ FortiGate firewalls

🛡️ AWS security researchers report a Russian-speaking attacker compromised more than 600 FortiGate firewalls between January 11 and February 18, 2026, by exploiting weak or default passwords rather than product vulnerabilities. The actor used a Google Gemini-based AI tool to pivot to additional hosts and deployed reconnaissance tools written in Go and Python. Analysts found clear signs of AI-assisted code generation. Experts urge strong passwords and enabling MFA.
read more →

Android malware uses Gemini AI to persist on devices

🔐 ESET researchers have identified an Android implant, dubbed PromptSpy, that leverages generative AI to maintain persistence on victims' devices and represents an evolution of earlier VNCSpy samples. The implant sends serialized UI snapshots to Google's Gemini, receives step-by-step Accessibility Service actions to keep the malicious app pinned in Recent Apps, and executes those actions while a VNC module provides remote viewing and control. The initial dropper impersonated JPMorgan Argentina and distributed via mgardownload[.]com; communications use AES-encrypted VNC to a hardcoded C2 at 54.67.2[.]84. PromptSpy also overlays invisible UI elements to block uninstallation; the only reliable removal is rebooting into Safe Mode.
read more →

Measuring Freestyle Snowboarding Physics with Google AI

🎿 Using Google Cloud AI and Gemini-era vision from DeepMind, the Google Cloud Team and U.S. Ski & Snowboard built a tool that extracts full 3D biomechanical pose data from ordinary video to measure rotation, posture, and airtime. The system defines a torso-based Body Frame and uses quaternions to compute true angular travel, producing a new metric called Rotational Degrees. Visual outputs like the Cork Ribbon reveal axis tilt and consistency for coaches and broadcasters, helping quantify efficiency and the physical feasibility of higher-degree tricks.
read more →

Building conversational agents for BigQuery with Gemini

💬 This Google Cloud post by David Tamaki Szajngarten demonstrates how to build a context-aware conversational agent for BigQuery using the Conversational Analytics API powered by Gemini. It provides a reference Python SDK flow to register BigQuery tables, create a DataAgent with system instructions and permitted datasources, and deploy stateful or stateless conversations. The article shows a streaming chat loop that returns generated SQL, DataFrame-like results, Vega‑Lite chart specs, and final natural-language answers, and highlights integration with the Agent Development Kit (ADK) and lifecycle controls.
read more →

Google Releases Gemini 3.1 Pro for Enhanced Reasoning

🚀 Google announced Gemini 3.1 Pro, an upgraded foundation model in the Gemini 3 series that emphasizes deeper reasoning and complex problem solving. The model is available in preview in Vertex AI and Gemini Enterprise, and developers can access it through Google AI Studio, the Gemini API, Android Studio, Google Antigravity, and the Gemini CLI. Early customers report meaningful gains in speed, efficiency, and accuracy across code, 3D transformations, and product design workflows.
read more →

PromptSpy: GenAI-driven Android malware abuses Gemini

🧠 ESET researchers have identified PromptSpy, the first known Android malware to integrate generative AI (Google's Gemini) into its execution flow. The malware sends serialized UI XML to Gemini and receives JSON-formatted tap, swipe, and long-press instructions to navigate device-specific interfaces. This enables robust persistence by programmatically locking the app in Recent Apps and deploying a VNC module for remote control and data exfiltration. Distribution appears limited and regionally focused, but the technique raises broader concerns about AI misuse.
read more →

Using the Neo4j Gemini CLI Extension on Google Cloud

🔗 Gemini CLI's Neo4j extension connects graph databases to Gemini's reasoning via the Model Context Protocol (MCP). The extension bundles four MCP servers to manage Neo4j Aura, translate natural language into Cypher, support interactive data modeling and visualization, and use Neo4j as long-term memory for agentic flows. Developers can provision databases, run Cypher queries, and persist knowledge from the terminal to accelerate GraphRAG workflows.
read more →

Wiz benchmarks AI agents in cybersecurity model arena

🛡️Wiz has built a 257-challenge benchmark suite to evaluate AI agents across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security. Tests run inside isolated Docker containers with no per-challenge timeouts, use deterministic scoring rubrics, and give each agent three attempts per challenge. The vendor-agnostic framework measures capability rather than throttling, and in Wiz's announcement Claude Code on Claude Opus 4.6 narrowly topped the trials, with Gemini 3 Pro placing second.
read more →

Google: State-Backed Hackers Use Gemini for Recon Support

⚠️ Google’s Threat Intelligence Group (GTIG) says the North Korea-linked actor UNC2970 and other state-aligned groups abused Gemini for target profiling, reconnaissance, and campaign planning. GTIG found use cases ranging from synthesizing OSINT and crafting tailored phishing personas to automating vulnerability analysis and debugging exploit code. Researchers identified malware such as HONESTCUE, which queries Gemini’s API to generate C# stage-two loaders compiled in memory, and an AI-built phishing kit called COINBAIT. Google also reported and mitigated large-scale model extraction activity aimed at replicating Gemini’s behavior.
read more →

Nation-State Actors Leverage Gemini AI in Cyber Campaigns

🔍 Google’s Threat Intelligence Group and DeepMind found that government-backed APTs increasingly use Gemini and other generative AI for reconnaissance, target profiling and sophisticated social engineering. Observed actors include Iran’s APT42 and North Korea’s UNC2970 using models to harvest email addresses and synthesize OSINT, while TEMP.Hex and APT31 applied AI for vulnerability research and automated testing. The report also details a rise in model extraction attempts, an underground jailbreak ecosystem (notably the Xanthorox toolkit), abuse of public sharing to host malicious instructions, and cases such as Honestcue leveraging Gemini APIs to generate in-memory malicious code; Google has disabled associated assets and warns of intellectual-property theft risks.
read more →

Google: Hackers Abusing Gemini AI Across All Attack Stages

🛡️ Google Threat Intelligence Group warns state-backed actors are abusing Gemini across the full attack lifecycle, from reconnaissance and phishing-lure generation to C2 development and data exfiltration. Groups linked to China, Iran, North Korea, and Russia used the model for target profiling, code generation, translation, vulnerability testing, and troubleshooting. Google says it has disabled abusive accounts and implemented targeted classifier defenses to make misuse harder.
read more →