Glowing smartphone on coffee table illuminates cryptic message with smart home devices and cameras and ominous shadow on wall
Posted inSecurity News Tech News

Promptware Threats: How Hidden AI Commands Could Control Your Smart Home

No Comments

Promptware, a new form of malware that tricks AI into following malicious commands, has emerged as a serious threat to smart homes. Researchers demonstrated how hidden prompts can cause Google’s Gemini AI to control devices like windows and boilers, and to leak user locations. The discovery has prompted major tech companies to tighten safeguards, but users still need to adopt best practices to stay safe.

At a Glance

  • Promptware can make AI perform harmful actions without user clicks.
  • Researchers showed Gemini could open windows, turn on boilers, and send location data via hidden prompts.
  • Google identified vulnerabilities in early 2025 and added defenses; Apple and Amazon are also updating their assistants.

Why it matters: Promptware can bypass traditional security tools and give attackers control over home devices, making it a new frontier for cybercrime.

What Is Promptware?

Promptware is a type of cyberattack that embeds malicious commands in messages or data that an AI system reads. Unlike classic malware that requires a user to click a link or run a program, promptware can be zero-click-the AI simply processes the text and follows the hidden instructions. The commands can control connected devices, exfiltrate data, or alter system settings.

How the Attack Works

In a recent Blackhat conference presentation, Tel Aviv University researchers led by Ben Nassi showed how they used everyday messages to lure Google’s Gemini AI into executing harmful actions. The malicious prompts were hidden in:

  • Email titles
  • Calendar event summaries
  • Other text that Gemini automatically processes

The attackers crafted the prompts so that when Gemini read the text, it would activate a feature-such as opening a smart window or turning on a boiler-without any user interaction. The attacks were zero-click, meaning the user did not need to open a link or download a file.

Recent Discoveries and Corporate Responses

Google was made aware of these vulnerabilities in early 2025 and set up safeguards to remove them. A Google spokesperson told Amanda S. Bennett:

> “This active collaboration with white hats and security researchers is a profoundly positive development, leading to productive testing and bug hunting that makes AI systems stronger for everyone. We actively participate in and value programs like our AI Vulnerability Reward Program.”

The discovery highlighted how promptware can be hidden in innocuous places and how it evades traditional virus software and firewalls. As AI becomes more integrated into daily communication and home devices, the threat landscape is expanding.

Computer screen with Google search and Gemini AI chat showing Ben Nassi's face and malicious prompts near hacking code

Apple is in talks to upgrade Siri with Gemini-powered features, and Amazon’s Alexa Plus AI is rolling out slowly. Both companies are reportedly reviewing their AI integration to mitigate promptware risks.

Protecting Your Smart Home

While the threat is still evolving, several security practices can help protect against promptware and other privacy problems.

1. Keep Devices Updated

Always install the latest OS and app updates, especially for AI-enabled devices. Updates often include patches for newly discovered vulnerabilities.

2. Don’t Accept Unknown Messages

Promptware can be delivered via phishing-style emails or texts. Avoid opening or interacting with messages from unknown senders. If you receive a suspicious message, delete it and report it.

3. Avoid Summarizing Unknown Content

AI often summarizes emails, calendars, and documents. Don’t ask AI to summarize anything you don’t already trust. Limiting AI access to unknown messages reduces the chance of it processing a hidden prompt.

4. Disable AI in Email and Calendar Apps

If possible, turn off AI features in email, chat, and calendar applications. This prevents the AI from automatically reading and acting on content that could contain malicious prompts.

5. Be Careful When Copying Text

Promptware can hide at the end of file names, email subjects, or code snippets. Before copying or pasting, review the entire string for unusual commands.

Key Takeaways

  • Promptware exploits AI’s ability to read text, enabling zero-click attacks that can control smart devices.
  • Google’s Gemini AI was shown to open windows, activate boilers, and send location data via hidden prompts.
  • Major tech firms are tightening safeguards, but users must stay vigilant.
  • Simple steps-keeping software updated, avoiding unknown messages, limiting AI summarization, disabling AI in certain apps, and reviewing copied text-can reduce promptware risk.

By staying informed and following these best practices, homeowners can protect their devices from this emerging threat.

Author

  • My name is Amanda S. Bennett, and I am a Los Angeles–based journalist covering local news and breaking developments that directly impact our communities.

    Amanda S. Bennett covers housing and urban development for News of Los Angeles, reporting on how policy, density, and displacement shape LA neighborhoods. A Cal State Long Beach journalism grad, she’s known for data-driven investigations grounded in on-the-street reporting.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *