OpenAI Launches ChatGPT Agents for Subscribers with Security Caution OpenAI activated ChatGPT agents for Plus, Pro, and Team subscribers on Thursday, introducing a novel approach to automate web-based tasks. However, the rollout includes a security warning about potential vulnerabilities to prompt injection attacks. "Agents will access sensitive data from connected sources when logging into websites or enabling connectors," OpenAI noted in its blog post. "This includes emails, files, and account information." The feature also enables actions like file sharing and account modification. OpenAI explicitly warned users about risks from online 'prompt injection' attacks. Prompt injection involves embedding hidden instructions in content AI agents might process, such as blog posts or email messages. Successful attacks could manipulate agents to access private data or transmit sensitive information to malicious servers. Initially announced on July 17 with planned launch on July 24, the agent feature was delayed to accommodate security updates. These AI assistants can now interact with Gmail, Google Drive, GitHub, and perform bookings while browsing websites. While designed to enhance productivity, the technology introduces new security risks related to AI's interpretation of instructions. Steven Walbroehl, CTO and co-founder of Halborn, explained that prompt injection differs from traditional code injection by leveraging natural language ambiguity rather than syntax vulnerabilities. "Code injection uses structured input, whereas prompt injection exploits linguistic flexibility to bypass protections," Walbroehl told Decrypt. He advised users to verify agent sources and implement endpoint encryption, manual overrides, and password managers. Multi-factor authentication may prove insufficient if agents access backup codes or SMS messages. "Even strong passwords fail if keystrokes are recorded," Walbroehl warned. "Biometric verification offers better protection since it relies on inherent traits rather than possessed items." OpenAI recommends using the "takeover" feature to pause agents during credential entry. For future threats, Walbroehl suggested hierarchical security with dedicated monitoring agents. "A watchdog agent can identify suspicious patterns before attacks occur," he concluded.