Google Confirms Upgrade Decision For Millions Of Gmail Users

Gmail users face a new and evolving security threat as the integration of Gmail, Calendar, and AI assistants introduces potential risks. Whether through prompt injections in emails and calendar invites or through hijacked AI assistants covertly extracting content, vigilance is essential.

Google recently issued a warning about “a new wave of threats emerging across the industry, aiming to manipulate AI systems themselves.” These involve emails, documents, or calendar invites designed to trick AI into exfiltrating user data or carrying out malicious actions.

The introduction of Gemini in Gmail promises to make inbox management easier with advanced features like smart search, automated replies, composing assistance, and message summaries.

In addition to Gemini, Google recently expanded Gmail’s security with a significant upgrade. As of October 2, Gmail client-side encryption (CSE) users can send end-to-end encrypted (E2EE) emails to anyone—without requiring recipients to have Gmail accounts. When receiving encrypted messages, recipients get a notification and can securely access the content via a guest account, simplifying secure communication by eliminating the need to exchange encryption keys.

However, these two key upgrades, Gemini and client-side encryption, conflict with each other. Users must choose between AI-assisted email processing and robust encryption, because the two cannot be used simultaneously without compromising functionality. With encryption enabled, AI features like Gemini cannot access or process email content, which limits smart search and automatic content generation.

Google confirms that “when CSE is enabled, protected data is indecipherable to any unauthorized third party, including Google and generative AI assistants such as Gemini.” This ensures that encrypted emails remain private but prevents AI from assisting with those messages.

While this trade-off may be frustrating, it is the expected behavior to maintain privacy and security. Google plans to enable this expanded encryption by default for eligible Gmail CSE users. Though it is not strictly true end-to-end encryption (since key control lies with Google rather than the end user’s device), it is a significant security improvement over standard email.

Regarding Gemini and data access, Google’s chief recommendation is to “apply client-side encryption to prevent Gemini’s access to sensitive data.” This prudent advice protects users’ most critical information from unintended exposure while still letting them benefit from AI-powered features where possible.
