Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
ID: 55c066a5-4ce3-516a-a1e8-7867e025f8f0
STIX ID: report--55c066a5-4ce3-516a-a1e8-7867e025f8f0
Feed Name: Security Affairs
SafeBreach Labs disclosed a proof-of-concept attack named "Fake Context Alignment" that leverages notification text (including hidden foreign-language text and muted hyperlinks) to perform indirect prompt injection against Google Gemini. The technique bypasses delayed tool-invocation checks and can trigger actions such as controlling smart-home devices, joining Zoom calls, and creating persistent tasks that propagate across devices; Google was notified and updated classifiers to block the demonstrated techniques.
