OpenAI's artificial intelligence chatbot ChatGPT could have its calendar integration facilitated by the recently introduced Model Context Protocol tool support exploited to enable remote command execution and email account compromise, reports SecurityWeek.Malicious actors could distribute specially crafted calendar invites with a jailbreak prompt ordering ChatGPT to exfiltrate sensitive details from targeted users' email inboxes after ChatGPT is sought by victims to check their calendars, according to a report from AI security firm EdisonWatch.Other AI chatbots are also affected by the security issue, said EdisonWatch founder Eito Miyamura, who noted the usefulness of the attack technique despite needing user interaction."Decision fatigue is a real thing, and normal people will just trust the AI without knowing what to do and click approve, approve, approve," Miyamura added.Such findings come after Google Gemini for Workspace was reported by SafeBreach to be at risk of being compromised by a similar calendar invite scheme.
Email security, AI/ML
Email compromise possible via ChatGPT calendar integration abuse

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



