
Gemini Live Voice Session Flaw Enables Tool Injection Through Misconfigured Ephemeral Tokens
A security flaw in how developers implement Google’s Gemini Live API allows attackers to hijack browser-based AI voice sessions, override system prompts, and trigger unauthorized code execution all through a token misconfiguration that traces back to Google’s own reference implementation. Security Researcher Alvin Ferdiansyah observed that Gemini Live API powers real-time voice assistants through persistent […]
The post Gemini Live Voice Session Flaw Enables Tool Injection Through Misconfigured Ephemeral Tokens appeared first on Cyber Security News.