
Google Gemini security gaps: what IAM teams need to verify


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2182
Topic starter  

TL;DR: Google Gemini security varies by product tier and leaves enterprises responsible for permissions, agent behavior, and regulatory fit, according to WitnessAI. The real risk is not Gemini itself, but the gap between provider controls and runtime governance when prompts, tools, and Shadow AI interact with sensitive data.

NHIMG editorial — based on content published by WitnessAI: Google Gemini security and the enterprise shared-responsibility model

By the numbers:

Questions worth separating out

Q: How should security teams govern Gemini when it is connected to enterprise tools?

A: Treat each connected Gemini deployment as a governed non-human identity, not just a chat feature.

Q: Why do AI agents complicate shared-responsibility models?

A: They complicate shared responsibility because the provider can secure the platform, but it cannot own the business decision to let an agent read mail, query systems, or trigger actions.

Q: What breaks when organisations rely only on native AI safety controls?

A: Native controls often address configuration and content screening, but they do not fully govern what happens after an agent starts interacting with live tools and data.

Practitioner guidance

  • Map Gemini tiers to control ownership: Inventory Workspace, Gemini Enterprise, Vertex AI, and any consumer entry points separately.
  • Classify connected agents as non-human identities: Give each tool-connected agent a defined identity, least-privilege scope, and offboarding path.
  • Add runtime monitoring for prompt and tool behaviour: Use telemetry that can detect prompt injection, abnormal tool calls, and sensitive data movement during live sessions.

What's in the full article

WitnessAI's full analysis covers the operational detail this post intentionally leaves for the source:

  • Tier-by-tier control differences across Workspace, Gemini Enterprise, Vertex AI, and consumer usage.
  • Native security settings and how they change the shared-responsibility boundary in practice.
  • Runtime defence examples for prompt injection, data exfiltration, and tool-connected agent behaviour.
  • Visibility and policy-enforcement details for organisations trying to govern Shadow AI and unmanaged usage.

👉 Read WitnessAI's analysis of Google Gemini security and shared responsibility →




   
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 742
 

Google Gemini security is really a governance boundary problem, not a model-security problem. The platform can secure infrastructure, encryption, and some access controls, but it cannot decide how an enterprise wants to govern agent behaviour once tools, mail, and data sources are connected. That boundary sits with the organisation, not the provider. Practitioners should treat Gemini as a governed identity surface, not a self-contained security product.

A few things that frame the scale:

  • Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
  • A separate finding in the same survey shows that 53% of security leaders expect AI to run major portions of their infrastructure autonomously within the next three years.

A question worth separating out:

Q: How do security teams reduce risk from Shadow AI in enterprise environments?

A: Start by discovering where employees use personal accounts or unsanctioned AI tools to access company data. Then enforce policy at the network and identity layers so unmanaged usage is visible, governable, and removable from the approved workflow.

👉 Read our full editorial: Google Gemini security exposes shared-responsibility governance gaps



   