ChatGPT Operator: Prompt Injection Exploits & Defenses · Embrace The Red
OpenAI’s ChatGPT Operator, a research preview agent, can be exploited through prompt injection to leak personal data. Multi-layered mitigations exist, including user monitoring and confirmation requests, but they are not foolproof and can be bypassed by motivated adversaries. This highlights the need for caution when using AI agents with sensitive information, and it also raises the possibility that OpenAI staff can access that data server-side.