The problem is bigger than just something that one engineer can fix, it's a genuine flaw in the training of Gemini, so in order to fix this the model has to be retrained, and new parameters put in place to prevent this kind of thing from happening. The moment a large youtuber gets private content leaked and lands YT in hot water with potential legal liability, and they start talking about what happened, this bug will get fixed. I feel like this is their way of saying the problem is so complex to fix and relatively unknown to most people that they're not going to do anything about it until they have to. The biggest issue is that with the current transformer model they won't even know where to start looking in the Gemini code to fix it, they will literally have to go in and find/ rewrite some random code in the conversational source code which is probably more lines of code than a single engineer can comb though. It would probably take a small team a good amount of time to fix this because you could word it differently and get the same results
I'm a little confused why so many here are making it seem like this particular attack is completely unstoppable. Just don't include private videos in training or inference. My guess is that the agent that runs this viewer comment aggregation feature has the same context as the one that runs other AI studio things, but attack or not, this isn't functionally correct to begin with. This attack implies that if Samsung has a private video for a new rollable phone, they might see "Viewers are excited about Samsung Roll 1" from this. The viewer comment aggregation feature should have the same information as the viewers to form an accurate summary, and the AI studio suggestion agent should have private context.
Now, the bigger problem of being able to make a "[Important Notice from YouTube]" banner might be harder to solve, but they could at least remove links from the input and output.