ChatGPT flaw could leak emails and calendar data, claims researcher

A recent incident shared by developer and Oxford alumnus Eito Miyamura has brought to light a significant security vulnerability in OpenAI's ChatGPT. In a post on social media, Miyamura revealed that he was able to exploit the newly implemented Model Context Protocol (MCP) tools to gain access to sensitive user data, including emails and calendar events, simply by using the victim’s email address. OpenAI had recently introduced full support for MCP tools in ChatGPT, enabling the AI to connect to and retrieve information from various platforms like Gmail, Google Calendar, SharePoint, and Notion. While the intention behind this feature is to boost productivity by allowing ChatGPT to access data across different services, Miyamura’s demonstration raises alarming concerns about potential misuse and security breaches. The method described by Miyamura involves sending a calendar invitation that contains a "jailbreak" prompt to the target. Notably, the victim does not need to accept the invitation for the attack to succeed. When the user interacts with ChatGPT to organize their schedule, the AI reads the malicious invite and executes the attacker's commands. This could lead to the unauthorized access of private emails, which could then be transmitted to the attacker’s own address. Currently, MCP tools are only available in developer mode and require manual approval for each session. However, Miyamura cautions that users may overlook security protocols due to decision fatigue, potentially allowing unauthorized access to sensitive information. In the midst of these security concerns, OpenAI has rolled out a highly anticipated feature in ChatGPT that allows for branching conversations. Users can now explore various discussion paths without losing track of the original context, a change that came in response to user feedback for more flexible conversation management. This new functionality is available to logged-in users on the web, enhancing the overall user experience while raising questions about data security.