Google has issued a stark warning after researchers uncovered a new type of cyber attack exploiting its AI assistant, Gemini, within Gmail. This development highlights how artificial intelligence is becoming both a tool for defence and a vector for cybercriminals.
What Is the Threat?
The attack uses a technique known as indirect prompt injection.
- Hackers embed hidden instructions inside emails, often in invisible text (for example, white font on a white background).
- When Gmail’s Gemini assistant summarises the email, it unknowingly executes those instructions.
- The result could be a fake security alert, a prompt to reset a password, or other malicious guidance delivered by the AI itself.
What makes this especially dangerous is that users don’t need to click a link or open an attachment. Simply using the AI summarisation feature could expose them to risk.
What Does This Mean for the Cyber Risk Landscape?
This marks a turning point: AI is now firmly part of the attack surface. Traditional phishing defences like link filtering or attachment scanning won’t catch this type of manipulation.
- Attackers are innovating quickly, finding ways to weaponise the very tools organisations are adopting to streamline workflows.
- Trust in AI outputs becomes a new vulnerability; if users believe what an AI assistant says without question, social engineering becomes even harder to detect.
- The speed of exploitation could increase dramatically as attackers automate these kinds of manipulations at scale.
Implications for the Insurance Industry
For insurers, reinsurers, brokers and MGAs, this threat raises important considerations:
- Insurers & Reinsurers: Growing systemic risk. AI-based attacks could impact thousands of organisations simultaneously, raising the potential for correlated claims.
- Brokers: Need to advise clients on emerging threats and ensure cyber policies are supported by proactive risk management, not just reactive coverage.
- MGAs: Must differentiate products by embedding solutions that detect risks before they escalate into costly claims.
Cyber insurance can no longer rely purely on underwriting static questionnaires. Continuous monitoring and intelligence-led insight are essential to quantify and mitigate AI-driven risks.
Why Cyber Risk Monitoring and Embedded Cyber Risk Solutions Are Essential
This latest development underlines the urgent need for proactive cyber risk monitoring:
- Policyholder Protection: Detecting exposures like unpatched software, leaked credentials, or unusual employee behaviour helps stop attacks before they succeed.
- Claims Reduction: Preventative tools, such as Breach Check, Breach Defence and Cyber Xpert reduce the likelihood of breaches escalating into insurance claims, protecting portfolio profitability.
- Embedded Value: Embedding monitoring, alerts, and support services into policies ensures policyholders are equipped to respond to new threats — strengthening retention and customer trust.
As cyber criminals exploit AI, the insurance industry must respond with intelligence-driven, embedded solutions that move protection upstream. Prevention, not just payout, is the future of sustainable cyber insurance.
The Future is Proactive, Are You Ready?
Cyber risk management is evolving, and the insurance industry must evolve with it. Waiting for breaches to happen is no longer an option. By embedding proactive risk monitoring into your business and products, you not only protect your portfolio but also create new growth opportunities, improve engagement, and strengthen your market position.
At DynaRisk, our cyber risk monitoring and all-in-one cyber risk management solutions are designed to assist insurers and their policyholders by preventing cyber attacks before they become claims. Find out more, or get in touch for a demo of our solutions: www.dynarisk.com