Google inbox AI and storage abuse raise trust flags
Google has embedded Gemini more deeply into Gmail, prompting scrutiny over whether AI is reading users' emails and how those models handle inbox data, while researchers report phishing campaigns abusing Google Cloud Storage to deliver Remcos RAT. Separately, Google warned of a new extortion group targeting BPOs and helpdesks, underlining operational attack surfaces that often bypass application-level controls. The combined picture is clear: once AI and cloud-hosted assets touch sensitive workflows, explanation and operational hygiene become critical to trust. (news.abplive.com) (cybersecuritynews.com)
Google is now putting more artificial intelligence directly inside Gmail, including thread summaries, writing help, and search answers that are generated from the contents of your inbox instead of from the open web. (support.google.com) (blog.google)
That means the privacy question is no longer “does Gmail store my mail,” because Gmail has done that for years. The new question is whether a model is scanning your messages closely enough to summarize a thread, answer a question about it, or draft a reply in your tone. (support.google.com 1) (support.google.com 2)
Google’s own help pages say Gemini in Workspace can generate content using insights gathered from email messages, documents, and other files without switching tabs. Google also says some United States consumer users may now see fewer separate “Ask Gemini” panels because those features are being folded directly into Gmail itself. (support.google.com 1) (support.google.com 2)
At the same time, attackers are using Google’s cloud infrastructure in the opposite direction: not to read your inbox, but to get malicious links into it. Researchers reported a March 2026 phishing campaign that hosted redirect pages in Google Cloud Storage so emails pointed at a trusted Google-owned domain before sending victims somewhere harmful. (cybersecuritynews.com)
The malware in that campaign was Remcos, short for Remote Control and Surveillance, a remote-access tool that lets an attacker operate a victim’s computer from afar. Security researchers say Remcos is still actively maintained and is commonly used for keystroke logging, surveillance, and remote actions after a phishing click. (any.run) (cybersecuritynews.com)
So two different trust problems are colliding in the same place. One is a user asking Google’s model to read an inbox well enough to be useful, and the other is an attacker borrowing Google’s reputation well enough to get past a spam filter. (support.google.com) (cybersecuritynews.com)
Google’s own threat team has been warning about a third route in: phone-based social engineering aimed at business process outsourcing firms and help desks. In one case Google tracks as UNC6040, attackers impersonated information technology support staff in voice phishing calls to steal access to Salesforce environments and then extort victims. (cloud.google.com 1) (cloud.google.com 2)
That matters because a help desk can override the neat security diagram on a slide deck. If an attacker convinces a contractor to reset a password, enroll a new device, or approve a login, the breach happens around the application instead of through a software bug inside it. (cloud.google.com) (cloud.google.com)
Put those pieces together and the pressure point is not one product. It is the handoff between sensitive work, trusted brands, and systems that act on behalf of a user, whether that system is an artificial intelligence assistant in Gmail, a cloud-hosted link in an email, or a human at a support desk with account privileges. (support.google.com) (cybersecuritynews.com) (cloud.google.com)
The companies that keep trust here will be the ones that explain exactly what their models can access, label when an answer came from private mail, lock down cloud buckets that can be abused as redirectors, and force extra verification on support workflows that can reset identity. Google’s recent product and threat notes show all four of those pressure points are live right now. (support.google.com) (support.google.com) (cloud.google.com)