Gemini Live Voice Session Flaw Enables Tool Injection Through Misconfigured Ephemeral Tokens
A security flaw in how developers implement Google’s Gemini Live API allows attackers to hijack browser-based AI voice sessions, override system prompts, and trigger unauthorized code execution all through a token misconfiguration that traces back to Google’s own reference implementation. Security...