Read Between The Logs: A New Vulnerability in Gemini Cloud Assist Proves the Threat is Real
2025-07-01, Room 1

What if I told you that AI tools your defenders use on a regular basis potentially expose your cloud environment to risk?

With a single wrong click by a defender attempting to analyze a log using Google Cloud’s promising new AI summarization feature, or with one innocent prompt, the defender could quickly become the victim of a phishing attack—or worse, suffer sensitive resource data exfiltration.

This talk will showcase a vulnerability I discovered in Google’s new flagship AI assistance tool, Gemini Cloud Assist, where attackers can embed malicious prompts into a victim's logs. When the user reviews these logs with Gemini Cloud Assist, the attacker may exploit Gemini's integrations or deceive the user into accessing a legitimate-looking phishing link. This vulnerability discovery reveals a new attack class in the cloud that defenders should be aware of.
Additionally, I expanded my research to include a similar service in Azure, Azure Copilot, which does not yet seem to be mature enough to be susceptible to this attack class.

By diving into my research on both Google’s Gemini Cloud Assist and Azure Copilot, I will help defenders better understand the emerging risks of using these services.
By the end of this talk, the audience will have learned new techniques for monitoring for malicious prompts in the cloud that they can apply in their own environments, focusing specifically on the log sources that we believe attackers will target in the future.

Liv is a Senior Security Researcher at Tenable, specializing in cloud, application and web security. As a bug bounty hunter, Liv has found vulnerabilities in popular software platforms, including Azure, Google Cloud, AWS, Facebook and GitLab. Liv was recognized by Microsoft as a Most Valuable Security Researcher and ranked among the top eight Google Vulnerability Researchers for 2024. He has also presented at conferences including Black Hat USA, DEF CON Cloud Village, SecTor, BSides LV, fwd:cloudsec and INTENT.
You can follow Liv on X @terminatorLM.