Google Gemini security flaw could have let anyone access systems or run code
SMRTR summary
A critical security flaw in Google's Gemini CLI tool could have allowed unauthorized system access and code execution. Discovered by Tracebit researchers, the vulnerability stemmed from the automatic execution of pre-approved commands. Attackers could hide malicious instructions in harmless-looking files. Google patched the issue in version 0.1.14, and users should update immediately. This incident underscores the need for caution when using AI tools on untrusted code.
SMRTR provides this summary for quick context. The original article belongs to TechRadar.