The AI becomes the attack vector.
Google has extended its Gemini AI beyond conversation into action, granting it the ability to navigate app stores and control computers directly on a user's behalf. With Gemini 3.5 Flash, the assistant moves from answering questions to executing tasks — a transition that mirrors a broader human ambition to delegate not just thinking, but doing, to machines. This expansion of agency arrives, as such expansions often do, accompanied by a shadow: security researchers warn that the same reach that makes Gemini useful makes it a compelling target for those who would turn its capabilities against the very users it serves.
- Google has quietly crossed a threshold — Gemini can now see your screen, move your cursor, and complete tasks across applications without you lifting a finger.
- The Play Store integration dissolves the friction of app discovery, letting users describe what they need in plain language while Gemini does the searching and filtering.
- Security researchers are already sounding alarms, warning that an AI with computer control is essentially an open door for anyone who can manipulate what it sees or trick it into executing malicious commands.
- Google has offered no detailed account of the safeguards in place, leaving users to weigh genuine productivity gains against a risk profile that remains poorly defined.
- The feature lands at a familiar crossroads in technology: the more powerful the tool, the more consequential its compromise — and Gemini is now a very powerful tool.
Google has upgraded its Gemini AI assistant in ways that push it from conversation into direct action. The changes, arriving in Gemini 3.5 Flash, deepen Gemini's role in the Android ecosystem while giving it something new: the ability to control a computer.
The first addition is a Play Store integration that lets users describe what they're looking for — a photo editor, a game, a productivity app — and have Gemini surface relevant results through natural conversation. What was once a browsing task becomes a dialogue, with the AI handling the filtering work.
More significant is the computer control capability. Gemini can now see a user's screen and interact with it directly — clicking buttons, typing text, navigating applications — effectively acting as a hands-free operator across PC software. Combined with existing Search and Maps integrations, the AI can retrieve information and then act on it, potentially completing multi-step tasks from start to finish without human intervention.
The power of that capability has not gone unnoticed by threat actors. Security researchers report that hackers are already probing AI agents with computer control abilities, recognizing that manipulating what the AI sees — or tricking it into executing commands — amounts to gaining remote access to a machine through an unlikely intermediary. Google has not publicly detailed what protections it has built against such exploitation.
The tension is a familiar one: the feature that makes a tool most useful is often the feature that makes it most dangerous when compromised. Google appears to be betting that convenience will carry the day — but the security question remains genuinely open.
Google has given its Gemini AI assistant a significant capability upgrade, embedding it more deeply into the Android ecosystem while simultaneously granting it the ability to control computers directly. The changes arrive in Gemini 3.5 Flash, the company's latest iteration of the model, and they represent a meaningful shift in how the AI can interact with both software and hardware.
The first major addition is a direct integration with Google Play Store. Rather than describing what app you're looking for or navigating the store manually, you can now simply chat with Gemini about what you need—a photo editor, a productivity tool, a specific game—and the AI will search the Play Store and surface relevant options for you. This conversational approach to app discovery streamlines what has traditionally been a browsing experience, letting the AI handle the filtering and recommendation work based on your natural language request.
More consequential is the computer control feature now baked into Gemini 3.5 Flash. The AI can now see and interact with your screen, meaning it can click buttons, type text, navigate applications, and execute tasks across your PC without you having to do the work yourself. This pairs with existing integrations to Google Search and Maps, creating a system where Gemini can not only retrieve information but act on it—pulling up a map, finding a restaurant, and potentially even booking a reservation by controlling the browser or application on your behalf.
The capability is genuinely powerful. An AI that can see your screen and move your mouse can theoretically handle repetitive work, navigate complex software interfaces, and complete multi-step tasks that would otherwise require human attention. For users managing routine digital chores, this represents a meaningful productivity gain.
But the same capability that makes Gemini more useful has already caught the attention of security researchers and threat actors. The ability for an AI to control a computer is precisely the kind of access that malicious actors want to exploit. Hackers are already targeting AI agents with computer control abilities, according to reports emerging alongside the announcement. The vulnerability is straightforward: if someone can manipulate what Gemini sees or trick it into executing commands, they've essentially gained remote control of your machine through the AI intermediary.
Google has not detailed specific security measures it has implemented to prevent such exploitation, though the company's track record suggests it is aware of the risks. The tension here is familiar in technology: a feature that is genuinely useful is also genuinely dangerous if misused or compromised. Gemini's new computer control sits at that exact intersection.
The Play Store integration and computer control capabilities represent Google's push to make Gemini not just a conversational tool but an agent capable of taking action in the digital world. Whether users will adopt these features widely, and whether the security risks can be adequately managed, remains an open question. What's clear is that Google is betting that the convenience will outweigh the concerns—at least for now.
La Conversación del Hearth Otra perspectiva de la historia
So Gemini can now see your screen and move your mouse. That's a pretty big shift from a chatbot. What does that actually look like in practice?
Imagine you're looking at a spreadsheet and you want to reorganize some data. Instead of doing it yourself, you describe what you want to Gemini, and it watches your screen, understands the layout, and starts clicking and typing to make the changes happen. It's not just giving you advice anymore—it's doing the work.
And the Play Store integration—is that just a convenience thing, or does it change how people discover apps?
It's both. Right now, finding an app means scrolling through categories or using search terms. With Gemini, you can just say "I need something to edit photos but I don't want it to be too complicated," and it understands context in a way a search box doesn't. It's more like talking to someone who knows the store.
The security angle seems like the real story here. If Gemini can control your computer, what stops someone from tricking it into doing something malicious?
That's exactly what researchers are worried about. If you can manipulate what Gemini sees or feed it misleading instructions, you've essentially got remote access to someone's machine. The AI becomes the attack vector.
Has Google said how they're protecting against that?
Not in detail. They're aware of the risks—they have to be—but the specifics of their safeguards haven't been made public. It's one of those situations where the feature is genuinely useful, but the danger is real and immediate.
So we're in a waiting period. Google ships the feature, and now we see if the security holds.
Exactly. The technology works. The question is whether it can be kept safe at scale.