New ChatGPT Feature Exposes Your Emails To Hackers

A team of researchers led by Eito Miyamura, an Artificial Intelligence specialist and Oxford University Computer Science Alumnus, has uncovered a significant security flaw in ChatGPT. The team discovered that by using relatively simple techniques, they could trick the AI model into leaking sensitive data from a user's private emails.

A Powerful New Feature Hides a Critical Flaw

The vulnerability stems from a recently added feature called the Model Context Protocol (MCP). OpenAI introduced MCP to enhance ChatGPT's capabilities, allowing it to act as a powerful personal agent by connecting to and accessing information from a user's personal applications like Gmail, Calendar, SharePoint, and Notion. While this integration offers convenience, Miyamura’s research demonstrates that an attacker only needs your email address to exploit it.

How a Simple Calendar Invite Can Steal Your Data

Miyamura explained that once a user connects their email account to ChatGPT using MCP, the system is open to attack. A malicious actor can send a specially crafted calendar invitation to the user's email address. The critical component of this attack is a hidden "jailbreak prompt" embedded within the invitation's details.

Crucially, the user does not even need to accept the invite for the attack to succeed. ChatGPT, in its process of scanning the connected accounts, automatically reads the new invitation. The jailbreak prompt then tricks the AI into following the attacker's instructions instead of its own safety protocols. This allows the attacker to command ChatGPT to read through the user's emails and send any sensitive information it finds back to them. Miyamura demonstrated the process in a video posted on his X account.

The Rising Tide of AI-Powered Threats

This discovery highlights the growing potential for AI to be used for malicious purposes. Criminals are already leveraging artificial intelligence to crack complex passwords and deploy AI-powered ransomware that can automate cyberattacks with alarming speed. The scale of this problem is significant, with the ransomware industry projected to become a staggering $265 billion market by 2031. As industry leaders continue to pour resources into making their AI models more powerful, this incident serves as a stark reminder that they must also prioritize investments in robust security guardrails to mitigate the risk of abuse.