What bothered me about the new SafeBreach Gemini paper wasn't the exploit
The article discusses a vulnerability in Google's Gemini voice assistant that was patched three months after it was reported. The vulnerability allowed attackers to hijack the voice assistant and perform various malicious actions. The concern is not the exploit itself but the three-month window between the report and the patch, during which attackers could exploit it. This highlights a broader problem: commercial language models are vulnerable to indirect prompt injection attacks, which can bypass safety checks.