The team traveled to Las Vegas in 2024 for Google’s LLM bugSWAT event, highlighting the race among tech giants to dominate GenAI and LLMs. They discovered a new vulnerability in Gemini during the event, winning the Most Valuable Hacker award. Despite the gVisor sandbox’s multiple layers of defense, they managed to extract internal Google source code. The team utilized Binwalk to extract files and found sensitive data like internal code. Although initially restricted, the code was approved for public exposure by the Google Security Team. They uncovered that the sandbox communicated with Google servers and were able to call Google tools directly using RPC calls.
https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code/