Particle.news

Buterin Warns on AI Governance After ChatGPT MCP Exploit Exposes Email Data

He backs an “info finance” approach that relies on competing models and human juries to curb manipulation risks from single-model control.

Overview

  • Security researcher Eito Miyamura demonstrated that a calendar invite carrying a jailbreak prompt could induce ChatGPT to read and send private emails without the recipient accepting the invite.
  • OpenAI’s Model Context Protocol now lets ChatGPT connect to services such as Gmail, Google Calendar, SharePoint and Notion, expanding potential paths for data leakage.
  • OpenAI requires developer mode and manual approvals for MCP sessions, yet analysts warn decision fatigue and careless consent can still enable exploitation.
  • Security experts say large language models struggle to distinguish malicious instructions from legitimate ones, making phishing-like prompts and jailbreaks effective.
  • Vitalik Buterin cautioned that using a single AI to govern or allocate funds is a red flag and proposed an open marketplace of models with random spot checks and human juries as a mitigation.
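The control the bullets describe, as an added illustration rather than anything from OpenAI, the MCP specification or the researcher's demonstration: a tool-call gate that sits between the model and its connected services. It treats everything read from a third party (an invite body, an inbound mail) as data and records its provenance, requires a human decision before any data-egress tool runs, shows the approver what untrusted content is already in context, and fails closed once a per-session approval budget is exhausted so that a flood of prompts cannot be waved through by fatigue. Tool names, the risk classes and the budget are assumptions for the example, not the real Gmail or Calendar connector schema.

```python
"""Toy MCP-style tool gate (constructed example, not OpenAI or MCP code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Tuple


class Risk(Enum):
    READ = "read"      # pulls data into the model's context
    EGRESS = "egress"  # can move data out of the user's control


# Assumed tool registry; real connector schemas differ.
TOOLS = {
    "read_calendar": Risk.READ,
    "read_email": Risk.READ,
    "send_email": Risk.EGRESS,
}

APPROVAL_BUDGET = 3  # assumed per-session cap on human prompts before failing closed


@dataclass
class Session:
    untrusted_sources: List[str] = field(default_factory=list)
    approvals_requested: int = 0
    log: List[str] = field(default_factory=list)

    def ingest_untrusted(self, source: str, text: str) -> None:
        """Third-party text is data, never instructions; only its provenance is kept."""
        self.untrusted_sources.append(source)
        self.log.append(f"ingest {source} ({len(text)} chars) as data")


def gate_tool_call(session: Session, tool: str,
                   approve: Callable[[str], bool]) -> Tuple[bool, str]:
    """Decide whether the model may run `tool`; `approve` asks a human."""
    risk = TOOLS.get(tool)
    if risk is None:
        session.log.append(f"deny {tool}: not registered")
        return False, "unknown tool"
    if risk is Risk.READ:
        session.log.append(f"allow {tool}: read-only")
        return True, "read-only"
    # Egress: never auto-approve, and stop prompting once the budget is spent.
    if session.approvals_requested >= APPROVAL_BUDGET:
        session.log.append(f"deny {tool}: approval budget exhausted, failing closed")
        return False, "budget exhausted"
    session.approvals_requested += 1
    provenance = session.untrusted_sources or ["no untrusted content in context"]
    question = f"Allow {tool}? Untrusted content already read: {provenance}"
    if approve(question):
        session.log.append(f"allow {tool}: human approved")
        return True, "human approved"
    session.log.append(f"deny {tool}: human declined")
    return False, "declined"


# Constructed invite body; the gate never interprets it, so no payload is needed.
INVITE_BODY = "Team sync 10:00 (constructed: body with embedded instruction text)"


def run_invite_scenario(approve: Callable[[str], bool]):
    """Replay the chain from the bullets at policy level: invite read, then
    the model asks to read mail (allowed) and to send mail (gated)."""
    s = Session()
    s.ingest_untrusted("calendar:invite-from-external@example.invalid", INVITE_BODY)
    read_ok, _ = gate_tool_call(s, "read_email", approve)
    send_ok, why = gate_tool_call(s, "send_email", approve)
    return read_ok, send_ok, why, s


if __name__ == "__main__":
    _, sent, reason, sess = run_invite_scenario(lambda q: print(q) or False)
    print("send_email allowed:", sent, "|", reason)
    print("\n".join(sess.log))
```

The gate does not try to recognise malicious text, which the page notes models themselves do poorly; it instead bounds what any instruction, injected or not, can cause to happen, and surfaces provenance at the point where a person decides.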