A new and dangerous class of cyberattack called \u201cPromptware\u201d has been discovered, capable of turning your personal AI assistant into a sleeper agent that spies on you.<\/p>\n
Security researchers from Ben-Gurion University, Tel Aviv University, and Harvard have demonstrated a terrifying exploit in which a simple Google Calendar invite can trick Google\u2019s Gemini assistant<\/a> into secretly streaming a victim\u2019s camera feed via Zoom.\u200b\u200b<\/p>\n This discovery, detailed in the research paper\u00a0\u201cInvitation Is All You Need,\u201d<\/em> reveals that hackers don\u2019t need to install viruses on your computer to control it. Instead, they need to send you an invitation.\u200b<\/p>\n The attack exploits \u201cIndirect Prompt Injection<\/a>,\u201d a technique in which hackers hide malicious instructions within text that an AI is likely to read.<\/p>\n The researchers outlined a simple four-step \u201ckill chain\u201d for this Zoom hack:\u200b<\/p>\n The Trap:<\/strong>\u00a0A hacker sends a Google Calendar invite to the victim. Hidden in the invite\u2019s description is a malicious command (Promptware) designed to trick the AI.<\/p>\n The Infection:<\/strong>\u00a0When the victim asks their AI assistant, \u201cWhat\u2019s on my calendar today?\u201d the assistant reads the event.<\/p>\n As it processes the text, it unwittingly executes the hidden command, which secretly changes its internal rules.<\/p>\n The Trigger:<\/strong>\u00a0The malicious command tells the AI to wait for a common, innocent phrase from the user, such as \u201cThank you,\u201d \u201cNo,\u201d or \u201cGreat\u201d.\u200b\u200b<\/p>\n The Spy<\/strong>:\u00a0Once the victim utters the trigger word, the compromised assistant carries out the hacker\u2019s true objective.<\/p>\n In this case, it forces the device to open the Zoom app<\/a> and join a specific meeting controlled by the hacker, instantly streaming the victim\u2019s video and audio.<\/p>\n The researchers noted that expert Bruce Schneier and Ben Nassi coined the term \u201cPromptware\u201d to describe this evolution<\/a>.<\/p>\n Unlike early AI pranks that just made chatbots say rude things, Promptware acts like traditional malware.<\/p>\n It can establish persistence (staying active in memory), move laterally (opening other apps like Zoom or Smart Home controls), and execute physical actions.\u200b<\/p>\n Beyond spying via Zoom, the researchers showed that this method could also be used to unlock smart doors, open connected windows, or steal emails, all triggered by a calendar invite<\/a> that the user never even accepted.<\/p>\n Google has since deployed mitigations after being informed of these findings. As we give AI assistants more control over our apps and smart homes, we also give hackers new ways to control us.<\/p>\n Users should be cautious about calendar invites from unknown senders, as they may be more than just spam; they could be software designed to take over your device.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Promptware \u2013 Hackers Can Use Google Calendar Invites to Stream Victims\u2019 Cameras via Zoom<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"The](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh48e36c37mEH3TIDtWtq1_PH6Z0lUNieeJGfPCviFPghPJWXhJXtLHtv6QhNc1W9QUIQhBDYyx23ivikr1iwBkj6Y1TdUstAuKxBi1xLfNhnvWhEgknF3UGi0XTdS_visLJuQy7B6i8EvqnHFfHOpTyn_hQIhMdbQS28CxcAQ-uATIoSZKwTPeoIo_NLI\/s1600\/Screenshot%25202026-02-12%2520103722%2520%25281%2529.webp?ssl=1\")
![\"Compromised](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhrkLuHkeSXx_SI4aN18Un8ZzjhtT5HYKQIsKTLUNXfJVFH2j1ftTNu6Q2g7UtbRd1QG0Y4jxLshX62Q84CZjK0J2dHsbrG5NhRA_N3oQiJxAkoWnam2nBa-5TXfx4GJPnQUHLUb9pkfWuS6OYmV8HHNwyp95o32RSw4mfuwDM6yzbO7pijwxZO4xgCOMw\/s1600\/Screenshot%25202026-02-12%2520111214%2520%25281%2529.webp?ssl=1\")
A New Era of \u201cPromptware\u201d<\/strong><\/h2>\n
![\"Compromised](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjSUjlc6zvr71gRpanJiLE5qv37Wq-hnA21ZwY2HX_S1gA1aJ9k9AxGZ2Nh8DPXex_xsWWYITLEPAOYsr66k_yQXgeAHwOtgt0hXIIVXKgw_iDf8ndCsyH_Wb4xyr3yqXW9JWQB96bTYffu30oh_QbDbcjYS_WHg6riocvLOnYM9K2eFBuwi_1QNhiXy1Y\/s1600\/Screenshot%25202026-02-12%2520110720%2520%25281%2529.webp?ssl=1\")