“Your browser (the UI) exhibits you a pleasant, clear immediate,” explains the report. “However the uncooked textual content that will get fed to the LLM has a secret, hidden payload tucked inside, encoded utilizing Tags Unicode Blocks, characters not designed to be proven within the UI and due to this fact invisible. The LLM reads the hidden textual content, acts on it, and also you see nothing improper. It’s a basic utility logic flaw.”
This flaw is “significantly harmful when LLMs, like Gemini, are deeply built-in into enterprise platforms like Google Workspace,” the report provides.
FireTail examined six AI brokers. OpenAI’s ChatGPT, Microsoft Copilot, and Anthropic AI’s Claude caught the assault. Gemini, DeepSeek, and Grok failed.
