Google has implemented substantial security upgrades to its Gemini 2.5 family of AI models, establishing them as the company's most secure models yet in response to evolving AI security threats.
At the heart of these enhancements is a new security approach that significantly increases Gemini's protection against indirect prompt injection attacks during tool use. These attacks occur when malicious instructions are embedded within data that an AI model retrieves, potentially causing the model to execute harmful commands or leak sensitive information.
The security improvements arrive as Google prepares to integrate Project Mariner's computer use capabilities into the Gemini API and Vertex AI. Project Mariner enables AI agents to control web browsers and perform specific tasks automatically, including navigating websites and interacting with web elements. Several companies, including Automation Anywhere, UiPath, Browserbase, Autotab, The Interaction Company, and Cartwheel, are already testing these capabilities, with broader developer access expected this summer.
Google's security strategy for Gemini 2.5 involves multiple defensive layers, including automated red teaming (ART) that continuously probes for vulnerabilities. According to Google DeepMind's research, this approach has significantly reduced the success rate of adaptive attacks compared to previous model versions. The company fine-tuned Gemini on datasets containing realistic attack scenarios, teaching the model to ignore malicious embedded instructions while following legitimate user requests.
Beyond security enhancements, Gemini 2.5 models are receiving additional features including thought summaries in the Gemini API and Vertex AI, which organize the model's reasoning process into a structured format for better transparency and debugging. The models also support native audio output for more natural conversational experiences.
The Gemini 2.5 Flash model is now available to everyone in the Gemini app, with general availability in Google AI Studio for developers and Vertex AI for enterprises coming in early June. Gemini 2.5 Pro will follow shortly thereafter, bringing its enhanced security features to a wider audience.