Particle.news

Buterin Warns Against Naive AI Governance After ChatGPT MCP Exploit Exposes Email Risk

He backs an 'info finance' approach that uses competing models with human spot checks to curb manipulation.

Overview

  • Security researcher Eito Miyamura showed a crafted calendar invite could hijack MCP-enabled ChatGPT to read a target’s emails and forward them to an attacker.
  • The attack did not require the recipient to accept the invite, expanding the potential for silent data exfiltration.
  • The new MCP connections, currently gated behind developer mode and manual approvals that may fatigue users, let ChatGPT access services such as Gmail, Google Calendar, SharePoint and Notion.
  • Security experts cautioned that large language models struggle to tell genuine instructions from malicious prompts, leaving them open to simple jailbreaks.
  • Vitalik Buterin argued that using a single AI to allocate funds invites abuse and proposed an open marketplace of models subject to random spot checks by human juries.