A vulnerability has been identified in EmailGPT, a Google Chrome extension and API service that uses OpenAI's GPT models for email assistance within Gmail. The flaw, discovered by the Synopsys Cybersecurity Research Center (CyRC), allows attackers to manipulate the AI service by sending malicious prompts, potentially leading to data leaks or unauthorized actions. The issue affects the main branch of EmailGPT and poses risks such as intellectual property theft, denial-of-service attacks, and financial losses due to unauthorized API requests. Despite efforts to notify the developers, CyRC received no response within its 90-day disclosure period and advises immediate removal of EmailGPT applications to mitigate the risks.
https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html
https://github.com/Coeeter/emailgpt
#cybersecurity #emailgpt #vulnerability #promptinjection #google #chrome #openaigpt #api #cyrc