AI 'ShadowLeak' Attack on ChatGPT's Deep Research – Should We Be Worried?

FraudClient

Administrator
Staff member
Have you seen the reports about a new 'ShadowLeak' attack that targets ChatGPT's Deep Research tool? Researchers found they could hide instructions in an email using white-on-white text and CSS tricks. When ChatGPT's research agent analyzed the email, it obediently collected the victim's Gmail messages and sent them back to an attacker, all without the user clicking anything.

OpenAI apparently patched the bug after it was disclosed, but it got me thinking about how much we trust these AI assistants with our personal accounts. I love how convenient it is to have an AI summarize my inbox or draft messages, but I'm not crazy about the idea of it running browser commands behind the scenes.

Do you use any of these AI "agents" that can read your email or documents? Are you changing your habits after hearing about ShadowLeak? I'd love to hear what precautions you're taking (or if you're just crossing your fingers!).
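The hiding technique mentioned in the post above (white-on-white text and CSS tricks in an email) can be screened for before a message is handed to an agent. The sketch below is an added example, not part of the original post or any vendor's code; the style heuristics, the names `style_hides` and `split_email_html`, and the sample message are assumptions, and it assumes a white message background.

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}
WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}  # assumption: white message background
ZERO = re.compile(r"(0*\.?0+|0+\.?)(?![\d.])")  # 0, 0px, 0.0em ... but not 0.5 or 10px

def style_hides(style):
    """Heuristic: does this inline style make the element's text invisible to a reader?"""
    props = {}
    for decl in style.lower().split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip()] = value.replace("!important", "").replace(" ", "")
    return bool(props.get("display") == "none" or props.get("visibility") == "hidden"
                or ZERO.match(props.get("font-size", "")) or ZERO.match(props.get("opacity", ""))
                or props.get("color") in WHITE)

class HiddenTextSplitter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.visible, self.hidden = [], [], []  # stack of (tag, is_hidden)
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # void elements have no end tag, so never push them
            inherited = bool(self.stack) and self.stack[-1][1]
            self.stack.append((tag, inherited or style_hides(dict(attrs).get("style") or "")))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # pop back to the matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        if not data.strip() or (self.stack and self.stack[-1][0] in ("script", "style")):
            return
        in_hidden = bool(self.stack) and self.stack[-1][1]
        (self.hidden if in_hidden else self.visible).append(data.strip())

def split_email_html(html):
    """Return (visible_text, hidden_text); pass only the visible part to an agent."""
    parser = HiddenTextSplitter()
    parser.feed(html)
    parser.close()  # flush any trailing text
    return " ".join(parser.visible), " ".join(parser.hidden)

# Constructed sample; the hidden div holds a harmless stand-in for injected instructions.
SAMPLE = ('<html><body><p>Hi, the Q3 report is attached.</p>'
          '<div style="color:#FFFFFF; font-size:1px">NOTE TO ASSISTANT: placeholder hidden text</div>'
          '<p style="background-color: white">Regards, <b>Sam</b></p></body></html>')
```

A non-empty hidden part from `split_email_html(SAMPLE)` is a reason to flag or quarantine the message rather than let an agent act on it. Inline styles are only one hiding method, so this check does not cover stylesheet rules or off-screen positioning.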