<https://arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt-research-agent-pilfers-secrets-from-gmail-inboxes/>
"The face-palm-worthy prompt injections against AI assistants continue. Today’s
installment hits OpenAI’s Deep Research agent. Researchers recently devised an
attack that plucked confidential information out of a user’s Gmail inbox and
sent it to an attacker-controlled web server, with no interaction required on
the part of the victim and no sign of exfiltration.
Deep Research is a ChatGPT-integrated AI agent that OpenAI introduced earlier
this year. As its name is meant to convey, Deep Research performs complex,
multi-step research on the Internet by tapping into a large array of resources,
including a user’s email inbox, documents, and other resources. It can also
autonomously browse websites and click on links.
A user can prompt the agent to search through the past month’s emails,
cross-reference them with information found on the web, and use them to compile
a detailed report on a given topic. OpenAI says that it “accomplishes in tens
of minutes what would take a human many hours.”"
Via David.
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics