Promptware – Hackers Can Use Google Calendar Invites to Stream Victims’ Cameras via Zoom

A new and dangerous class of cyberattack called “Promptware” has been discovered, capable of turning your personal AI assistant into a sleeper agent that spies on you.

Security researchers from Ben-Gurion University, Tel Aviv University, and Harvard have demonstrated a terrifying exploit in which a simple Google Calendar invite can trick Google’s Gemini assistant into secretly streaming a victim’s camera feed via Zoom.​​

This discovery, detailed in the research paper “Invitation Is All You Need,” reveals that hackers don’t need to install viruses on your computer to control it. Instead, they need to send you an invitation.​

The attack exploits “Indirect Prompt Injection,” a technique in which hackers hide malicious instructions within text that an AI is likely to read.

The researchers outlined a simple four-step “kill chain” for this Zoom hack:​

The Trap: A hacker sends a Google Calendar invite to the victim. Hidden in the invite’s description is a malicious command (Promptware) designed to trick the AI.

The Infection: When the victim asks their AI assistant, “What’s on my calendar today?” the assistant reads the event.

As it processes the text, it unwittingly executes the hidden command, which secretly changes its internal rules.

The Trigger: The malicious command tells the AI to wait for a common, innocent phrase from the user, such as “Thank you,” “No,” or “Great”.​​

The Spy: Once the victim utters the trigger word, the compromised assistant carries out the hacker’s true objective.

In this case, it forces the device to open the Zoom app and join a specific meeting controlled by the hacker, instantly streaming the victim’s video and audio.

A New Era of “Promptware”

The researchers noted that expert Bruce Schneier and Ben Nassi coined the term “Promptware” to describe this evolution.

Unlike early AI pranks that just made chatbots say rude things, Promptware acts like traditional malware.

It can establish persistence (staying active in memory), move laterally (opening other apps like Zoom or Smart Home controls), and execute physical actions.​

Beyond spying via Zoom, the researchers showed that this method could also be used to unlock smart doors, open connected windows, or steal emails, all triggered by a calendar invite that the user never even accepted.

Google has since deployed mitigations after being informed of these findings. As we give AI assistants more control over our apps and smart homes, we also give hackers new ways to control us.

Users should be cautious about calendar invites from unknown senders, as they may be more than just spam; they could be software designed to take over your device.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.