Today’s Topics:

• Google Strengthens GenAI Security with Multi-Layered Defenses to Combat Prompt Injection Attacks
• Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
• How can Netizen help?

Google Strengthens GenAI Security with Multi-Layered Defenses to Combat Prompt Injection Attacks

In response to the growing threat of prompt injection attacks, Google has unveiled a series of robust security measures designed to safeguard its generative AI models, particularly Gemini, from evolving exploitation techniques. The latest vulnerabilities—referred to as indirect prompt injections—pose significant risks as malicious actors exploit external data sources, like emails and calendar invites, to manipulate AI systems into performing dangerous or unauthorized actions. These attacks circumvent traditional defense mechanisms by embedding harmful instructions within trusted data sources, tricking the AI into executing them.

To mitigate these risks, Google has implemented a layered defense strategy aimed at raising the difficulty and cost of launching successful attacks. These defenses include prompt injection content classifiers to filter out harmful instructions, the reinforcement of security through special markers placed in untrusted data, and markdown sanitization to block external malicious URLs. Additionally, the company has introduced a user confirmation framework, requiring approval before risky actions are executed, and integrated end-user notifications to alert users about potential prompt injections.

Despite these improvements, Google acknowledged that the threat landscape is shifting. Malicious actors are increasingly utilizing adaptive attacks, deploying automated red-teaming tools to circumvent these defenses. The vulnerability underscores the challenges AI models face in distinguishing between legitimate user instructions and manipulative commands embedded within data. According to Google DeepMind, addressing these issues will require continuous advancements in AI system security, incorporating defenses at each layer—from the model’s core understanding to the application and hardware infrastructure.

Researchers from institutions like ETH Zurich and Carnegie Mellon University, along with Google’s own DeepMind, have highlighted the dangers posed by AI systems vulnerable to prompt injections. These models are capable of generating harmful content, including weapon instructions, phishing schemes, and even polymorphic malware. As AI agents continue to evolve, their ability to unlock new attack vectors for adversaries, such as extracting personally identifiable information (PII) or launching tailored attacks, becomes increasingly alarming.

The insights gathered from ongoing stress tests and red-teaming benchmarks indicate that while AI models excel at prompt injection attacks, they still struggle with system exploitation and model inversion tasks. However, the efficiency with which AI agents solve challenges compared to human operators emphasizes the transformative potential these systems have in improving security workflows.

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

In April 2025, a series of cyberattacks targeted two of the U.K.’s most prominent retailers, Marks & Spencer (M&S) and Co-op, causing significant disruption and financial damage. According to the Cyber Monitoring Centre (CMC), these attacks have been classified as a “single combined cyber event” due to the timing, similar tactics, and a threat actor’s claim of responsibility for both incidents.

The breach, which has been classified as a “Category 2 systemic event,” is estimated to have cost between £270 million ($363 million) and £440 million ($592 million). The security breach, which focused on IT help desks through advanced social engineering tactics, has caused a deep impact on the two companies and their partners. CMC continues its attribution efforts but strongly suspects the notorious cybercrime group, Scattered Spider (also known as UNC3944), is behind the attacks.

The group, previously affiliated with The Com, is known for its advanced social engineering techniques, particularly in impersonating IT staff to gain unauthorized access. The consequences of this breach extend beyond M&S and Co-op, with ripple effects for their suppliers, partners, and service providers.

In addition, Scattered Spider’s attacks are no longer limited to the retail sector. The Google Threat Intelligence Group (GTIG) has recently warned that the group has shifted its focus to U.S. insurance companies, using similar social engineering tactics to target help desks and call centers. This shift in targets highlights the growing concern surrounding Scattered Spider’s evolving strategies and growing impact.

While Marks & Spencer’s supplier Tata Consultancy Services (TCS) has publicly confirmed that its systems were not compromised in the attack, internal investigations continue to explore the possibility of TCS’s systems being used as a stepping stone for the breach.

The increase in attacks from groups like Scattered Spider, combined with the shift toward more sophisticated techniques like those seen in Qilin ransomware operations, has prompted heightened alertness across critical industries. These developments underscore the escalating threats posed by cybercriminals targeting high-profile sectors, making it imperative for organizations to reinforce their cybersecurity defenses.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.