Artificial Intelligence (AI) is no longer futuristic; it’s in the tools we use every day.
Gmail, for example, now includes AI-powered summaries through its Gemini feature, designed to help users quickly understand emails. For busy teams in civil society organisations (CSOs), this sounds like a time-saver. But recent reports have revealed that this new AI feature isn’t as safe as it seems.
Security researchers have discovered that attackers can manipulate Gmail’s AI summaries with “hidden prompts” embedded inside emails. In practice, this means the AI could produce false but convincing messages, for example, urging you to click a malicious link, update account details, or share confidential information. If staff rely on the AI summary instead of carefully reading the email, they could fall into a trap.
At the same time, Gmail has also been linked to a wider breach that reportedly compromised as many as 2.5 billion accounts worldwide. Together, these incidents highlight a critical truth: as technology evolves, so do the threats. And for CSOs handling sensitive information and vulnerable communities, the stakes are much higher.
Why This Matters for Civil Society
CSOs depend on digital tools to coordinate, advocate, and mobilise. From human rights defenders to media groups, Gmail often serves as the backbone of daily communication. Any weakness in that system puts not just information, but entire missions, at risk.
The risks here aren’t abstract. Imagine a staff member receives an AI-generated alert summarising an email as a security warning. Trusting the AI, they click a link that looks official but actually hands over login details to attackers. Suddenly, sensitive emails, donor records, or even the identities of vulnerable individuals could be exposed.
For activists, journalists, and nonprofits in Africa, who already face targeted online harassment, surveillance, and disinformation, such a breach could undermine years of work and put lives in danger. That’s why taking action isn’t optional but essential.
What CSOs Can Do Right Now
The good news is that there are clear, practical steps organisations can take to strengthen their resilience against these flaws:
- Reset Gmail Passwords
If your team hasn’t changed their passwords in a while, now is the time. Every staff member should use a strong, unique password, and should not repeat it across different accounts.
- Enable Two-Factor Authentication (2FA)
Adding 2FA or, better yet, a security key creates an extra lock. Even if attackers steal a password, they won’t easily access accounts without the second factor.
- Be Careful With AI Summaries
Treat Gmail’s Gemini summaries as a helpful tool, not an absolute truth. If something looks suspicious, open and read the actual email before taking action.
- Don’t Delete Evidence
If you suspect an incident, don’t wipe systems or delete emails. That information could help identify what went wrong and prevent it from happening again.
- Train and Remind Your Team Routinely
Digital safety isn’t just about tools, but about people. Short reminders, interactive training, and sharing examples of phishing attacks can go a long way in keeping staff alert.
- Keep Systems Updated
Regular updates for browsers, apps, and devices ensure you have the latest security patches. It’s one of the simplest, yet most overlooked defences.
Building a Culture of Resilience
The Gmail security flaws remind us of something bigger: cybersecurity is never a “one and done” situation.
New tools bring convenience, but they also introduce new risks. Civil society organisations cannot afford to be passive users of technology; they must become active guardians of their digital spaces.
Resilience isn’t about having zero incidents. It’s about preparing your team to respond quickly, recover effectively, and keep moving forward. Just like a fire drill teaches people how to react in an emergency, digital resilience training prepares teams to act fast when an attack occurs.
AI is powerful, but it is not perfect. And as Gmail’s recent issues show, even the biggest tech platforms can’t guarantee absolute safety. For CSOs, the answer lies in preparation: stronger habits, smarter tools, and a culture where security is part of everyday work.
At Resilience Technologies, our mission is to help African civil society organisations build that kind of resilience. Through customised training, incident response support, and practical resources, we empower teams to stay safe online and protect the missions that matter most.
Your mission deserves more than luck; it deserves resilience.
Want to safeguard your organisation against evolving threats? Let’s build resilience together. Visit www.rtafrica.org/services.