When Chatgpt turns into a spy in spite of himself, the alert becomes impossible to ignore. The co -founder of Ethereum joins the concern concert after the discovery of a critical flaw that allows the exfiltration of personal data via the OPENAI IA. An alert that resonates particularly in the crypto ecosystem where security remains essential.
In short
- Vitalik Buterin alerts the Chatgpt security faults and criticizes the naive governance of AI.
- An Oxford engineer demonstrates how Chatgpt can be hacked via simple calendar invitations.
- These vulnerabilities are added to the massive leaks of chatgpt conversations already indexed by Google.
A disturbing flaw that puts chatgpt on the hot seat
A software engineer graduated from Oxford, Eito Miyamura, recently sounded the alarm on X (ex-Twitter).
Last Wednesday, he revealed a major security flaw in Chatgpt, following the complete deployment by OPENAI of the MCP (Model Context Protocol) protocol. This update allows the chatbot to directly access personal services such as Gmail, Google Agenda or SharePoint.
Miyamura and her team conducted such an ingenious as they are worrying. Their observation: it is possible to exfiltrate sensitive data via a simple invitation to an event in the victim's calendar.
This invitation contains a “Jailbreak prompt” concealed. If the user accepts the invitation, then asks Chatgpt to organize his day, the AI consults the calendar, reads the trapped message, and … executes the attacker's orders.
Result: private emails can be analyzed and data automatically sent to a malicious address.
“” AI agents as chatgpt follow your orders, not your common sense. Summarizes Miyamura.
And this is the danger. As users get into the habit of mechanically clicking on “approving” in the face of AI suggestions, the entry doors for attacks become more numerous, and easier to exploit.
Vitalik Buterin alerts a critical flaw in AI
This alert did not fail to react Vitalik Buterin. The co -founder of Ethereum, accustomed to anticipating technological drifts, reacted by stressing that this is a perfect example of what he calls “naive governance of AI”.
In other words, entrusting critical tasks – such as managing sensitive funds or access – to a single LLM (model of language) centralized is to reach out to the attackers. Jailbreaks are proof of this.
As an alternative, Buterin defends the infofinance model. Rather than a closed system, it advocates:
- An open market where everyone can offer their own models;
- Punctual checks (“spot checks”) triggered by anyone, to check the behavior of the models;
- An assessment by human juries, in order to ensure transparency and robustness.
This type of architecture, he explains, is more resilient: the diversity of models prevents risk concentration, and integrated incentives push the actors to monitor and quickly correct failures.
A broader phenomenon that questions our relationship to data
This vulnerability is part of a much more alarming context revealed in recent weeks. Thousands of conversations generated by Chatgpt – made public by their users via the “Share” function – were indexed by Google and archived in the Wayback Machine.
These exchanges present a multitude of sensitive data: personal confessions, medical information, human resources files or even strategic business elements.
But the problem goes far beyond a simple individual recklessness. The real threat lies in the very structuring of these conversations. The AI does not produce isolated scraps, but complete stories, logics, chained.
It connects ideas, keeps the thread of the context, and builds a fluid narration with introduction, development, conclusion … and often, crossed references. This format gives leaks a formidably exploitable consistency.
Where an attacker had to assemble scattered fragments, he now accesses a ready -to -use corpora, where names, dates, intentions and decisions are contextualized, hierarchical, and directly usable. This automatic structuring considerably increases the strategic value of the slightest data leak.
Faced with the magnitude of this exhibition, Openai quickly disabled the indexable sharing function and requested Google to withdraw the results concerned. But that is not enough. The copies archived in external environments, such as the Wayback Machine, remain accessible … and out of the range of deletion requests. These data remain accessible, persistent, and potentially usable in the long term.
In short, Vitalik Buterin's alert does not aim to demonize AI, but to empower its creators and users. If artificial intelligence becomes a digital Swiss knife, it can also turn into a double -edged blade. To avoid it, security should no longer be an option, but an architecture.
Maximize your Cointribne experience with our 'Read to Earn' program! For each article you read, earn points and access exclusive rewards. Sign up now and start accumulating advantages.
