Gemini and Google Drive: a security risk you need to fix right now

13/03/2025

—

Google Drive has long allowed users to share files with “Anyone with the link” and “Anyone in the domain” for convenience. But with the introduction of Google’s Gemini AI, this seemingly harmless setting could lead to serious data leaks.

What's the big deal?

In the past, if a file was shared with “Anyone with the link,” people still needed to have the actual link to access it. But Gemini has changed the game. Now, Gemini assumes that if a file is shared with you in any way — including through an open link — you should be able to see its contents.

Gemini assumes that since the file is in open access, everyone in your organization has the right to see it. Makes sense, right?

While that’s logical, that also means if someone in your organization shares a sensitive file (e.g., salary data, customer information, or internal strategies) with “Anyone with the link” by mistake, Gemini can now surface that information in response to user queries. Worse, it will even provide the link to the source file.

It’s a little similar to sharing files with “Domain with the link” with the searchability setting turned on, which means that anyone in the company can accidentally find the files by using the search function in Google Drive.

Imagine asking Gemini, “How much does my colleague Bob earn?” If an openly shared file contains that information, Gemini might just give you the answer — along with the link to the file.

You may think that it shouldn’t be a problem in your organization: after all, it’s common sense that you should never share sensitive data with “Anyone with the link” or with the entire company, right?… Wrong. You’d be surprised how often files are shared via link due to oversight or for convenience.

Why is this a big deal?

People often use link sharing for convenience, not realizing that this setting makes sensitive documents vulnerable. Most employees don’t remember which files are in open access, and over time, thousands of confidential documents could be at risk.

Now, with Gemini in the mix, those files aren’t just accessible to people with the link. Anyone in the company can come across sensitive information they contain. It’s important to note that all files are contained inside your organization – Gemini never shares your company’s files outside your organization.

How to protect your organization's data

The solution to this problem is a no brainer. Before enabling Gemini AI for your organization, it’s crucial to review and fix file access permissions. But manually checking every shared file? That’s nearly impossible.

That’s where Florbs comes in. With Florbs, you can:

• Identify all files shared with “Anyone with the link” or with “Domain with the link”.

• Remove risky access to hundreds of thousands of files in one go.

• Automatically prevent future oversharing with policy controls.

Take action now to protect your data

If your organization is using Google Drive and considering enabling Gemini AI, don’t wait. Secure your files now:

🔎  Audit shared files with Florbs to see exactly which files are shared with “Anyone with the link” – Available in the free Florbs trial!

🧹  Remove all unnecessary “Anyone with the link” and “Domain with the link” access.
👩‍🏫  Educate employees on safe file-sharing practices.
⚙️  Set up automated controls to prevent future risks.

File security is no longer optional — it’s essential. Take control before sensitive data falls into the wrong hands.