This feels like one of those things where "just let users pick their AI assistant" sounds simple until you realize that means access to screen contents, local data, app control, wake words, etc.
At that point, who’s actually on the hook when some third-party assistant screws up: Google, the AI company, or the EU for requiring the access in the first place?
Also, wouldn’t Google’s easiest move just be to pull the Gemini integrations in the EU?
Author here - I liked the watchTowr article too, that’s why it’s linked. And yes, sadly, not every CVE writeup comes with cat pictures.
Mine is for a different audience: a 5-minute summary of the important bits, with links to the deeper research/PoC for people who need the full context.