Gemini

Chat

Google

Product overview

Name of Agent: Gemini

Short description of agent: "interface to a multimodal LLM (link, archived)"

Date of release: 03/2023 (link, archived) for Bard 12/2023 (link, archived) for Gemini 05/2025 (link, archived) for agent mode in app

Advertised use: knowledge synthesis, picture generation, learning new things (link, archived)

Monetisation/Usage price: Free, Pro (20), access to Gemini coding, google workspace, chrome Ultra (125), just higher rate limits

Who is using it?: end user customer, API usage, enterprises, government (link, archived)

Website: (https://gemini.google/about/, archived)

Category: Chat

Company & accountability

Developer: Google

Name of legal entity: Google LLC (link, archived)

Place of legal incorporation: Delaware, USA (link, archived)

For profit company?: Yes

Parent company?: Alphabet Inc

Governance documents analysis: Google TOS (link, archived), GenAI Prohibited Use Policy (link, archived)

AI safety/trust framework: Gemini App safety and policy guidelines (link, archived), Responsible AI Principles (link, archived)

Compliance with existing standards: Looks like mentions of Gemini and compliance standards are for enterprise versions of them, but unclear (link, archived)

Technical capabilities & system architecture

Model specifications: Powered by Gemini models. You can select which Gemini model to use. Reasoning available.

Documention: API docs (here, archived). Main page (here, archived).

Observation space: Multimodal (text, audio, images and more), access to the internet.

Action space: Text back to user, there are also a number of built in tools, including sandboxed code execution (link, archived)

Memory architecture: None found

User interface and interaction design: Chatbot. Also interactive UIs ("generative UIs") on some queries, and interactive diagrams. Unclear when exactly interactive diagrams trigger though

User roles: Operator (issues queries, which the agent to responds to); Executor (user may take actions/make decisions based on outputs); Examiner (user can use thumbs up/down buttons to give feedback)

Component accessibility: Closed source

Autonomy & control

Autonomy level and planning depth: L1-L2: Tasks that users assigns to the agent are often narrow in scope. More complex tasks need multi-turn conversations where the user is in charge of planning. Agent always comes back to the user and awaits further instructions

User approval requirements for different decision types: The turn-based interaction paradigm by default requires user approval (issuing further instructions) to continue the interaction. Model can also ask follow-up/clarifying questions

Execution monitoring, traces, and transparency: Visible (albeit summarized) CoT when reasoning is activated

Emergency stop and shut down mechanisms and user control: User can pause/stop the agent at any time

Usage monitoring and statistics and patterns: None, will just tell you when you've hit their limit

Ecosystem interaction

Identify to humans?: - Output created by Gemini apps has watermarking tech (SynthID) (link, archived) - Some media contains C2PA (an open provenance/metadata standard) that adds content credentials so tools can track how media was created/modified using AI (link, archived)

Identifies technically?: - Gemini-related web content controls are handled via existing Google crawling infrastructure and user-agent strings (e.g., Googlebot/GoogleOther) plus the standalone Google-Extended token for Gemini training/grounding controls (link, archived) - Crawlers use published IP ranges and verifiable hostnames (link, archived)

Interoperability standards and integrations: None found, Google launched Agent2Agent (A2A) as an open protocol and Agent Payments Protocol (AP2) but these are not supported in the Gemini apps ((link, archived), (link, archived))

Web conduct: - Obeys robots.txt (link, archived) - Google-Extended as a robots.txt user-agent token (not a separate HTTP UA) lets publishers control whether content Google crawls may be used for Gemini (link, archived) - An article from Futurism reports a Google DeepMind exec acknowledging that Google still trains on data from sites that “asked to be ignored” (link, archived)

Safety, evaluation & impact

Technical guardrails and safety measures: For Gemini 2.5 Computer Use (link, archived): post-training mitigations to teach the model to recognize high-stakes actions, safety monitoring and filtering at inference time.

Sandboxing and containment approaches: None found

What types of risks were evaluated?: In Gemini 2.5 Pro (link, archived): usage policy testing, CBRN, cyber capabilities/misuse, autonomy, deceptive alignment

(Internal) safety evaluations and results: In Gemini 2.5 Pro (link, archived): - Usage policy testing: absolute numbers not reported, but generally saw decreased policy violations compared to previous generation model - CBRN: SecureBio VMQA single-choice, FutureHouse LAB-Bench, WDMP. "Based on qualitative assessment, 2.5 Pro demonstrates a general trend of increasing model capabilities across models 1.5 Pro, 2.0 and 2.5 Pro: it generates detailed technical knowledge of biological, radiological and nuclear domains. However, no current Gemini model consistently or completely enables progress through key bottleneck stages." GDM concluded that 2.5 Pro did not cross the CCL 1.0 threshold (""The model can be used to significantly assist a low-resourced actor with dual-use scientific protocols, resulting in a substantial increase in ability to cause a mass casualty event."). - Cyber capabilities/misuse: internal dataset as described in Phuong et al 2024 (link) and Rodriguez et al. 2025 (link). GDM concluded that 2.5 Pro did not cross CCL 1.0 threshold for model autonomy or for uplift. - Autonomy: RE-Bench. GDM concluded that 2.5 Pro did not cross CCL 1.0 threshold for model autonomy or for uplift. - Deceptive alignment: internal dataset as described in Phuong et al. 2025 (link). GDM concluded that 2.5 Pro did not cross CCL 1.0 or 2.0 threshold for instrumental reasoning.

Third-party testing, audits, and red-teaming: Google states that for the Gemini app, “trust and safety teams and external raters conduct red-teaming” to uncover unknown issues (third-party involvement mentioned, but not named) (link, archived)

Benchmark performance and demonstrated capabilities: Refer to Gemini 2.5 Pro System Card (link, archived) for full results

Bug bounty programmes and vulnerability disclosure: Yes (link, archived)

Any known incidents?: None found

← Back to 2025 Index