The new Gemini-based Google Translate can be hacked with simple words

Google Translate, now powered by Gemini, is vulnerable to prompt injection attacks, a direct consequence of Google switching the service to Gemini models in late 2025.

Users can bypass the translation function entirely by embedding natural language instructions that speak directly to the underlying language model. The trick was first discovered by a Tumblr user (via LessWrong). It works by entering a question in a foreign language like Chinese, then adding an English meta-instruction below it. Instead of translating the text, Google Translate answers the question.

LLM jailbreaker "Pliny the Liberator" showed on X that the exploit goes well beyond harmless questions. Using the same technique, they got Google Translate to produce dangerous content, including instructions for making drugs and malware.

Google switched Google Translate to Gemini models in December 2025. The exact model powering the service isn't publicly known. The system itself claims to use Gemini 1.5 Pro, but that isn't reliable information.

Either way, the vulnerability highlights a familiar problem: even major tech companies still don't have reliable defenses against natural language attacks, one of the most fundamental security challenges facing language models today.