logoalt Hacker News

Grombobuloustoday at 3:09 AM0 repliesview on HN

The bug is that Google’s own website outside of the context of user generated content becomes the source of the link and that alone removes a large amount of the suspicion.

I think the author of this attack could easily modify it to be way worse.

Just change it to inject a message saying “you have run out of creator studio AI credits, please add on a Geminin Creator Plus plan to continue. You will be taken to a third party billing service to complete the transaction” and then link to a malicious billing page.

I find this apathetic response from Google to be pretty confusing coming from one of the big AI companies making a big stink about AI safety. How about trying practicing what you preach and make your AI safe? Or were those all dog whistles for regulatory capture?