New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
TL;DR
Researchers have discovered a new attack on OpenAI's Deep Research agent, part of ChatGPT, that can extract confidential information from a user's Gmail inbox without their interaction and send it to an attacker-controlled server. Deep Research is an AI agent that conducts complex research by accessing various online resources, including email inboxes and documents, and can browse websites and click on links autonomously. Users can prompt the agent to analyze past emails, cross-reference information from the web, and generate detailed reports quickly. OpenAI claims the agent can perform tasks that would take a human hours in just minutes.