Email security, AI/ML

Email compromise possible via ChatGPT calendar integration abuse

New ChatGPT Time Bandit jailbreak examined for cyber threat. (Adobe Stock)

OpenAI's artificial intelligence chatbot ChatGPT could have its calendar integration facilitated by the recently introduced Model Context Protocol tool support exploited to enable remote command execution and email account compromise, reports SecurityWeek.

Malicious actors could distribute specially crafted calendar invites with a jailbreak prompt ordering ChatGPT to exfiltrate sensitive details from targeted users' email inboxes after ChatGPT is sought by victims to check their calendars, according to a report from AI security firm EdisonWatch.

Other AI chatbots are also affected by the security issue, said EdisonWatch founder Eito Miyamura, who noted the usefulness of the attack technique despite needing user interaction.

"Decision fatigue is a real thing, and normal people will just trust the AI without knowing what to do and click approve, approve, approve," Miyamura added.

Such findings come after Google Gemini for Workspace was reported by SafeBreach to be at risk of being compromised by a similar calendar invite scheme.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds