Overview
- Eito Miyamura demonstrated that a crafted calendar invite with a jailbreak prompt can trigger ChatGPT, via MCP, to exfiltrate email contents without the victim accepting the invite.
- OpenAI recently enabled full Model Context Protocol support in ChatGPT to connect with Gmail, Google Calendar, SharePoint, Notion and similar services.
- Buterin called naive AI governance a bad idea, warning that single-model systems used to allocate funds can be manipulated with jailbreak prompts.
- He proposed an “info finance” model that relies on multiple competing AIs, random spot checks and disputes settled by human juries.
- Reports note MCP access currently runs in developer mode with manual approvals, yet experts caution that LLM susceptibility and user decision fatigue can still enable abuse.
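The calendar-to-email path described above comes down to untrusted tool output (an invite body) steering a later tool call (reading and sending mail). As an added illustration, not code from Miyamura's demo or from OpenAI's MCP implementation, the Python below sketches a taint-gating policy a tool gateway could apply: the tool names, the `Session` class and `decide()` are assumed names, not a real API, and the invite text is constructed.

```python
"""Taint-gating policy for an LLM tool gateway (added example, assumed API).

Any output from a tool that returns third-party content (calendar invites,
inbound mail) taints the session.  While the session is tainted, tool calls
that can move data out of the account are held for explicit human approval
of that specific call; untainted sessions are not prompted, so the user is
only asked when there is a concrete reason (less decision fatigue)."""
from dataclasses import dataclass, field

# Tools whose output is written by third parties and may carry injected instructions.
UNTRUSTED_SOURCES = {"calendar.list_events", "gmail.search"}
# Tools that can carry data out of the user's account (possible exfiltration channel).
EGRESS_TOOLS = {"gmail.send", "http.post"}


@dataclass
class Session:
    tainted_by: list = field(default_factory=list)  # untrusted tools that fed the context
    approvals: set = field(default_factory=set)     # call ids a human has approved


def ingest_tool_output(session: Session, tool: str, output: str) -> str:
    """Record that third-party content entered the model context; pass it through."""
    if tool in UNTRUSTED_SOURCES:
        session.tainted_by.append(tool)
    return output


def decide(session: Session, tool: str, call_id: str) -> str:
    """Return 'allow' or 'needs_approval' for a proposed tool call.

    Policy choice (assumed here): egress without prior untrusted input is allowed
    silently; egress after untrusted input needs a per-call human decision."""
    if tool not in EGRESS_TOOLS or not session.tainted_by:
        return "allow"
    if call_id in session.approvals:
        return "allow"
    return "needs_approval"


def approval_prompt(session: Session, tool: str) -> str:
    """Text shown to the human so the approval is informed, not a reflex click."""
    sources = ", ".join(sorted(set(session.tainted_by)))
    return f"{tool} was requested after the model read content from: {sources}. Allow this call?"


if __name__ == "__main__":
    s = Session()
    invite = "(constructed) invite description containing embedded instructions"
    ingest_tool_output(s, "calendar.list_events", invite)   # invite text enters the context
    print(decide(s, "gmail.search", "c1"))                  # reading mail: allow
    print(decide(s, "gmail.send", "c2"))                    # sending after taint: needs_approval
    print(approval_prompt(s, "gmail.send"))
```

Approvals are keyed to a single call id, so one click does not blanket-authorise later egress in the same tainted session.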