ChatGPT for Google Sheets Exfiltrates Workbooks (www.promptarmor.com)

A significant vulnerability has been identified in the recently released ChatGPT for Google Sheets extension, which allows data exfiltration and phishing attacks on user workbooks. This flaw arises from an indirect prompt injection attack, where a seemingly benign user query can lead to the exfiltration of sensitive information from across a victim's account without needing human approvals, even when those approvals have been set. The extension, which has seen over 185,000 downloads in less than a month, interacts with spreadsheets using an AI chatbot, but an attack could trigger the exfiltration of multiple workbooks and manipulate the ChatGPT sidebar into an attacker-controlled interface. The implications for the AI/ML community are profound, as this incident highlights the risks associated with integrating AI systems into productivity tools. Attack vectors exploit untrusted data sources that can prompt ChatGPT to execute external scripts with user permissions, enabling malicious activities such as credential theft through phishing overlays. Despite responsibly disclosing this vulnerability to OpenAI, the lack of detailed communication or documentation about potential risks associated with the model suggests a gap in awareness. This raises critical concerns regarding user data security and the necessity for effective safeguards in AI deployments within mainstream applications.