You can bypass Google Gemini's PII (personally identifiable information) redaction filter and pull identifying information about anyone. Simply telling it to translate the result, or to apply any second action (and many others work better, such as base64 conversion), lets you pull the PII verbatim and unredacted.

Here is a European's PII demo

The email is supposed to be redacted, to hide the fact that every European's PII is in the training data.

Google's training data includes all your personal data already

Ekis: 3 Google: 0

The impact is critical. This vulnerability directly leads to privacy violations and potential legal liabilities under GDPR, which can and should result in massive fines

The fact that an unauthenticated user can trigger this through the public Gemini web UI makes it a severe risk.
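The weakness the post describes is a redaction step that only inspects the model's plain-text answer, so any output that has been transformed first (translated, base64-encoded, etc.) slips past it. The defensive fix is to run PII detection on the final output and to normalize reversible encodings before matching. The following is an added illustration of that idea, not code from the post's author or from Google: a small output-side redactor that applies an email pattern to the raw text and also to any base64-looking token whose decoded content contains an email. The regexes, the `[REDACTED-…]` placeholders and the sample output string are all constructed for this example.

```python
import base64
import binascii
import re

# Minimal PII pattern for the demo: email addresses only. A real deployment
# would add phone numbers, national IDs, etc.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Runs of base64 alphabet characters long enough to plausibly carry an address.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def redact_plain(text: str) -> str:
    """Pass 1: redact emails that appear verbatim in the output."""
    return EMAIL_RE.sub("[REDACTED-EMAIL]", text)


def try_b64_decode(token: str):
    """Return the UTF-8 text behind a base64 token, or None if it is not one."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def redact_output(text: str) -> str:
    """Pass 2: also redact base64 tokens that decode to text containing PII.

    This is the check the plain-text filter is missing: the encoding is
    reversible, so the filter must look at the decoded form as well.
    """
    out = redact_plain(text)

    def replace_token(match: re.Match) -> str:
        decoded = try_b64_decode(match.group(0))
        if decoded is not None and EMAIL_RE.search(decoded):
            return "[REDACTED-ENCODED]"
        return match.group(0)

    return B64_TOKEN_RE.sub(replace_token, out)


def build_sample_output() -> str:
    """Constructed model output: an address the filter should have withheld,
    returned in base64 because the user asked for a 'second action'."""
    encoded = base64.b64encode(b"john.doe@example.eu").decode("ascii")
    return f"Contact: {encoded}"


if __name__ == "__main__":
    sample = build_sample_output()
    print("raw model output :", sample)
    print("plain filter only:", redact_plain(sample))   # unchanged, bypass works
    print("with decode check:", redact_output(sample))  # encoded address caught
```

Running it shows the gap directly: the plain-text pass leaves the base64 string untouched, while the decode-aware pass replaces it. The same principle covers the translation variant, which cannot be undone by decoding: the PII check has to run on whatever text is finally sent to the user, after every transformation the model was asked to perform, not only on an intermediate answer.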