Weaponizing image scaling against production AI systems

Attackers can hide malicious prompts in images so that the text becomes visible only after the image is downscaled, tricking AI systems like Gemini CLI and Vertex AI Studio into executing the hidden instructions. Trail of Bits demonstrates these “image scaling” exploits and introduces Anamorpher, an open-source tool to craft and test such attacks, while also proposing defenses.

https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/


In this blog post, we’ll detail how attackers can exploit image scaling on Gemini CLI, Vertex AI Studio, Gemini’s web and API interfaces, Google Assistant, Genspark, and other production AI systems. We’ll also explain how to mitigate and defend against these attacks, and we’ll introduce Anamorpher, our open-source tool that lets you explore and generate these crafted images.
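To make the mechanism concrete, here is an added example that is not code from the Trail of Bits post or from Anamorpher. It models a grayscale image as a list of rows, targets a nearest-neighbour downscaler with an assumed 4x factor, and overwrites only the pixels that sampler reads, so the full-resolution image still looks like the benign original while the downscaled copy equals the attacker's pattern (in a real attack, rendered prompt text). Production resizers (bilinear, bicubic, area averaging) read different source pixels, so the crafted image has to match the victim's exact algorithm and alignment. The mismatch check at the end is a hypothetical heuristic, comparing the sampled result against the block average, not a defence the post describes; SCALE, BENIGN, PAYLOAD and the threshold are constructed for the demo.

```python
# Added example (not code from the Trail of Bits post or from Anamorpher):
# a toy image-scaling attack against a nearest-neighbour downscaler, plus a
# simple mismatch check.  Images are grayscale 2-D lists of ints (0..255) so
# the example needs no third-party libraries.  SCALE, BENIGN and PAYLOAD are
# constructed for the demo; a real payload would be rendered prompt text.

SCALE = 4  # hypothetical: the target system shrinks uploads 4x per axis

# Constructed inputs: a 16x16 uniform grey "benign" image and the 4x4 pattern
# the attacker wants the model to see after downscaling.
BENIGN = [[128] * (4 * SCALE) for _ in range(4 * SCALE)]
PAYLOAD = [
    [0, 255, 0, 255],
    [255, 0, 255, 0],
    [0, 255, 0, 255],
    [255, 0, 255, 0],
]


def downscale_nearest(img, scale):
    """Nearest-neighbour downscale: output pixel (y, x) copies source pixel
    (y*scale, x*scale).  Real resizers differ in which source pixel they pick
    (many sample the block centre) and in the kernel (bilinear, bicubic, area);
    the attacker must match the victim's exact algorithm for the trick to work."""
    h, w = len(img) // scale, len(img[0]) // scale
    return [[img[y * scale][x * scale] for x in range(w)] for y in range(h)]


def downscale_area(img, scale):
    """Area-averaging downscale: each output pixel is the mean of its
    scale x scale source block.  Used here as an independent reference."""
    h, w = len(img) // scale, len(img[0]) // scale
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            block = [img[y * scale + dy][x * scale + dx]
                     for dy in range(scale) for dx in range(scale)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def craft_attack_image(benign, payload, scale):
    """Return a copy of `benign` in which only the pixels the nearest-neighbour
    sampler reads are overwritten with `payload`.  At full resolution the
    image still looks like `benign`; after downscaling it *is* `payload`."""
    h, w = len(payload), len(payload[0])
    if len(benign) != h * scale or len(benign[0]) != w * scale:
        raise ValueError("benign image must be payload size times scale")
    attack = [row[:] for row in benign]
    for y in range(h):
        for x in range(w):
            attack[y * scale][x * scale] = payload[y][x]
    return attack


def fraction_modified(original, attack):
    """Share of full-resolution pixels the attacker changed."""
    h, w = len(original), len(original[0])
    changed = sum(original[y][x] != attack[y][x]
                  for y in range(h) for x in range(w))
    return changed / (h * w)


def max_scaling_mismatch(img, scale):
    """Largest per-pixel difference between what a nearest-neighbour downscaler
    produces and the block average.  A clean image keeps this small; an image
    crafted so that sampled pixels disagree with their neighbours does not.
    This is a hypothetical heuristic for illustration, not a claimed defence."""
    nearest = downscale_nearest(img, scale)
    area = downscale_area(img, scale)
    return max(abs(nearest[y][x] - area[y][x])
               for y in range(len(nearest)) for x in range(len(nearest[0])))


def is_suspicious(img, scale, threshold=64):
    """Flag an upload whose downscaled content diverges sharply from its
    full-resolution content; `threshold` is an assumed tuning value."""
    return max_scaling_mismatch(img, scale) > threshold


ATTACK = craft_attack_image(BENIGN, PAYLOAD, SCALE)

if __name__ == "__main__":
    print("downscaled benign :", downscale_nearest(BENIGN, SCALE))
    print("downscaled attack :", downscale_nearest(ATTACK, SCALE))
    print("payload           :", PAYLOAD)
    print("fraction modified :", fraction_modified(BENIGN, ATTACK))
    print("attack suspicious :", is_suspicious(ATTACK, SCALE))
    print("benign suspicious :", is_suspicious(BENIGN, SCALE))
```

Only one pixel in sixteen is touched, so a human looking at the full-resolution image sees the benign grey, while anything that consumes the downscaled copy sees the payload. The same idea carries over to bilinear and bicubic resizers, but there the attacker has to solve for pixel values that survive the kernel's weighting rather than simply overwrite one sample per block, which is why a dedicated tool is useful in practice.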

The Trail of Bits Blog