Google Docs' New AI Writing Features Have a Security Vulnerability
Google Docs' new artificial intelligence (AI) writing tools have a security vulnerability that could expose users to phishing attacks and misinformation, according to a report.
The 'Refine the selected text' feature in the Google suite allows users to have an AI bot rewrite their copy or document, with options for 'elaborate,' 'shorten,' 'formalize,' 'rephrase,' or 'clean up.' However, the tool is susceptible to something called 'prompt injection,' where malicious text can cause the bot to modify the output in misleading or harmful ways.
In a demonstration, Johann Rehberger, a security researcher, shows how a prompt can be inserted into text that would cause the AI rewrite to call a phishing scam phone number. While this would require the user to have the poisonous prompt within their text and use the 'refine text' feature, the potential for damage is clear.
Rehberger says that he reported the issue to Google, but it was marked as 'Won't Fix (Intended Behavior).' He also says that he was able to successfully replicate the instructions given by the company.
'Google Docs' 'rephrase,' 'clean up,' and 'refine text' functions are vulnerable to prompt injection,' Rehberger explains. 'This means that it's possible to inject malicious prompts that will be interpreted by Google Docs as helpful suggestions.'
The injection can occur regardless of the text refinement option chosen (elaborate, shorten, formalize, rephrase), but the success rate varies. Rehberger says that Gdocs sometimes detects the prompt and either ignores it or displays an error message. Prompt injection can also cause Gdocs to change key facts in a document, potentially leading to misinformation.
'Google Docs will sometimes change parts of your document that you didn't even want to change,' Rehberger says. 'For example, it might introduce some text that wasn't there before, or change parts of your text that you didn't want to change.'
The Gdocs AI can also change parts of a document that were never in the original, resulting in inaccurate information, which could be dangerous if important web addresses or critical information are altered.
While the flaw may seem harmless, especially if you believe it can't do any harm as long as you don't insert malicious prompts into your documents, there is an extremely real danger here. If you're a student who paraphrases text or a business that rewrites important reports, and you're using the public beta feature in Google Docs, you could unknowingly execute the prompt, leading to harmful consequences.
Unfortunately, this isn't the first time we've seen such a security vulnerability in Google Docs. In May, it was discovered that the tool's 'suggest corrections' feature could be manipulated to insert malicious code. In July, a glitch in the AI-powered 'automated suggestions' feature led to the exposure of users' Google accounts.
It's never been more important to be vigilant about the latest security vulnerabilities. Check out what else you need to know about them in our guide.