Compromised Google Calendar invites can hijack ChatGPT’s Gmail connector and leak emails

A security researcher demonstrated how a malicious Google Calendar invite could exploit ChatGPT's Gmail connector to leak private emails. OpenAI recently introduced native Google connectors in ChatGPT, allowing automatic access to Gmail, Calendar, and Contacts. The attack involves indirect prompt injection, where malicious instructions are hidden in calendar event data. Users can limit the risk by disconnecting sources or disabling automatic use in ChatGPT settings. The broader issue highlights the susceptibility of AI tools to hostile instructions and the importance of cautious account connections to prevent such attacks.