Pentera Logo Pentera Logo White
Platform
Pentera Platform
A single platform for everything security validation and remediation
Learn more
AI in Pentera
AI-powered exposure validation
Pentera Labs Research
Advanced research of the latest attack techniques
Integrations
Connect exposure validation with your security ecosystem
Safety & Compliance
Controlled execution with audit proof
Products
Pentera Core
Internal network security validation
Pentera Surface
External network security validation
Pentera Cloud
Cloud identity and hybrid environment security validation
Pentera Resolve
Automated remediation orchestration
Services
Security Validation Advisory (SVA)
Our experts guide your security validation program
Adversarial Testing Services
Our experts test your environments for you
Pentera named a Representative Vendor in Gartner® Market Guide for Adversarial Exposure Validation
Get the report
Research
Pentera Labs
Elite cyber threat researcher team
Learning
Cybersecurity glossary
Security validation terminology and definitions
resources
Feb 2026
LOLBins Against the Machine: Reverse Engineering at Machine Speed
Purpose Attackers can utilize Living Off the Land Binaries (LOLBins) to execute commands, evade detection,...
Read now
Customers
Customer stories
Read how some of the world's most forward-thinking companies validate their security
Video testimonials
See what people who use Pentera have to say about it
“Pentera helps us prioritize what truly matters and gives us confidence we are covering our global environment continuously.”
“Seeing a domain admin account cracked in production changed how we view internal exposure.”
“Pentera helped us advance our red team and continuously improve penetration testing.”
“Pentera makes it easier to focus on what is truly exploitable instead of chasing long vulnerability lists.”
“In a complex, large-scale environment, Pentera delivers the speed and visibility security teams need.”
“Pentera amplified our team’s performance and delivered measurable value to upper management.”
"Pentera allows us to tailor testing to each service, reduce time and costs, and shift our focus from simply finding vulnerabilities to actively helping our teams fix them.”

Rubén Alonso | Head of Secure
Development Unit, Telefonica

Watch now
“I don’t think we’d be able to advance our red team without Pentera. If you’re looking to improve penetration testing, I would definitely recommend it.”

Owen Fuller | Cybersecurity Engineering
Manager, Casey’s

Watch now
Resources
Resources Center
Blog
Glossary
Guides
Annual Survey
See all cybertoons
Company
About Pentera
Learn who are we and what’s our mission
Careers
Open roles across engineering, research, and go-to-market
Trust Center
Security, privacy, compliance, and certifications
Contact Us
Write to us and we’ll get back to you
Partners
Become a Partner
Become a Pentera partner
Partner Program
Learn how we support our partners across the globe
Partner Login
Access the partner portal
News & Press
Newsroom
Company announcements and press releases
Open positions
Talk to an Expert
Pentera / Newsroom

Pentera Labs Uncovers Gmail Weakness That Lets Attackers Pass Malware Off as “Scanned”

11 May 2026

Pentera Labs Exposes Flaws That Let Attackers Stamp Malware as Safe in Gmail

Boston, MA – May 11, 2026 –  Pentera, the Exposure Validation Company, has uncovered structural flaws in the integration between Gmail and Google Drive that allow malicious files to bypass Google’s native security controls and reach user inboxes bearing a “Scanned by Gmail” seal of approval.

In the first finding, the research demonstrates that files explicitly blocked by Gmail’s attachment scanner can be uploaded to Google Drive, and then shared through the platform’s native Drive-to-Gmail integration. These files are then delivered to recipients as standard-looking attachments complete with Gmail’s trusted safety label, despite the file having already been identified as malicious.

In a second finding, applicable specifically to executable files, Pentera Labs researchers showed that Google Drive warns users before downloading and Gmail blocks them as attachments outright. But when those same files are routed through Drive and into Gmail, the download warning no longer appears, and Gmail’s attachment restrictions can be side stepped using Drive links. Recipients can download the file with no warning at all.

“The exact same file Gmail flags as malicious and refuses to send, can still reach the inbox through Google Drive, presented as if it’s been verified,” said Ben Ilkashi, Security Researcher at Pentera Labs. “From a user’s perspective, there is no visible difference. It looks like a normal, trusted attachment.”

Pentera Labs researchers hypothesize that these issues may stem from Gmail extending implicit trust to files originating from Drive, under the assumption that content within Google’s ecosystem is pre-vetted. That dynamic creates a gap attackers can deliberately exploit, turning Google’s own infrastructure into a high-trust malware delivery mechanism for phishing campaigns. The risk extends beyond corporate environments, potentially impacting every individual with a Gmail account.

Google confirmed the validity of the report. As of publication, no fix or official timeline has been released.

For security teams:

  • Treat emails containing Google Drive links with the same scrutiny as direct file attachments, regardless of safety labels.
  • Configure secure web gateways to sandbox files downloaded from Drive links.
  • Enforce Gmail content compliance rules to flag or quarantine emails from external senders that include Drive sharing links.

For individuals and everyday Gmail users:

  • Treat emails with Google Drive links the same way you would treat unexpected attachments, even if Gmail marks them as “safe” or “scanned.”
  • Understand that Gmail’s safety labels do not guarantee a file or link is harmless.

The full research report is available at https://pentera.io/resources/research/integration-flaws-Gmail-Google-drive

Test your security