Spectrum Stream

Anamorpher, A New Attack Vector Discovery!

✍️ Rafe Fredericks πŸ“… πŸ“‚ Blog

Anamorpher

Anamorpher: New attack vector discovered in Gemini and Vertex AI

What was Discovered?

Trail of Bits researchers, Kikimora Morozova and Suha Sabi Hussain have revealed a stealthy image scaling attack that allows for hidden prompts to be embedded into high-resolution images. These can be used to stealthfully trigger malicious actions. Once an image is downscaled by AI systems, these invisible instructions reveal themselves to the AI system.

So far the attack has proven effective across major platforms: Gemini CLI, Vertex AI Studio, Gemini’s web and API interfaes, Google Assistant on Andriod and Genspark.

How does this even work?

Most AI systems automatically downscale uploaded images for performance.

However, this resampling (done through nearest neighbor, bilinear or bicubic interpolation) can introduce aliasing artifacts - invisible at full res but become visible when compressed.

Trail of Bits reverse-engineered this process using test patters (such as: checkerboards, concentric rings etc.) to fingerprint the specific interpolation algorithm in use. That allowed them to craft payload images where hidden text emerges post-scaling.

Anamorpher is an open source tool they released to recreate these images, using both a web interface and a Python API for customization.

What are the Real-World impacts?

Invisible threat vector: Users are going to feel unsafe uploading images, unaware if any images are hiding prompts.

Agentic AI systems at risk: Any system that automatically calls external tools (Zapier, Calendars, or automation pipelines) could be coerced into performing these harmful operations.

Widespread vulnerability surface: The attack isn’t limited to one product or service; common downscaling practices across frameworks and platforms make it broadly applicable.

How to Stay Safe

  • Avoid image downscaling entirely

  • Always preview the exact image

  • Require explicit user confirmation

  • Adopt secure design patterns

    AI is only as secure as the systems around it. At Spectrum Stream Security Technologies, we help Australian businesses safeguard their AI pipelines against novel threats like Anamorph. Book a free consultation today and harden your defences before attackers exploit them.

    Want to learn more? check out this video!

Anamorpher: Exposing Hidden Data-Theft

β–Ά Watch on YouTube

Rafe Fredericks
Rafe Fredericks
Founder @ Spectrum Stream. Pentesting, AI-driven defense, and practical security for SMBs.
Previous
Hanson Chamber Ransomware Attack