The CyRC Vulnerability Advisory has reported a critical security flaw in EmailGPT, an AI-powered email writing assistant and Google Chrome extension that streamlines your email correspondence using advanced AI technology.
This EmailGPT vulnerability (CVE-2024-5184), known as prompt injection, enables malicious actors to manipulate the service, potentially leading to the compromise of sensitive data. The core of this vulnerability in EmailGPT is the exploitation of API service, which allows malicious users to inject direct prompts, thereby gaining control over the service’s logic.
By coercing the AI service, attackers can force the leakage of standard system prompts or execute unauthorized prompts, paving the way for various forms of exploitation. The implications of this EmailGPT vulnerability are profound.
By submitting a malicious prompt, individuals with access to the service can extract sensitive information, initiate spam campaigns using compromised accounts, or fabricate misleading email content, contributing to disinformation campaigns. Beyond data breaches, exploiting this vulnerability could result in denial-of-service attacks and direct financial losses through repeated requests to the AI provider’s API.
“When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service”, reads the CyRC Vulnerability Advisory.
With a CVSS score of 6.5 (Medium), the severity of this vulnerability highlights the urgency of remedial action. Despite the efforts of CyRC to engage with EmailGPT developers through responsible disclosure practices, no response has been received within the stipulated 90-day timeline. Consequently, the “CyRC recommends removing the applications from networks immediately”.
As users navigate this security challenge, staying informed about updates and patches will be paramount to ensuring continued secure service use. Given the evolving landscape of AI technology, maintaining vigilance and implementing robust security practices are imperative to thwart potential threats.
The EmailGPT vulnerability, CVE-2024-5184, serves as a stark reminder of the critical importance of prioritizing security in AI-powered tools. By heeding the recommendations of the CyRC and taking proactive measures to mitigate risks, users can safeguard their data and uphold the integrity of their digital communication systems.
This week’s The Cyber Express roundup covers ransomware, AI risks, geopolitical threats, and key developments in global cybersecurity news.
DeepSeek changed the calculation. When the House Select Committee on China concluded in early 2025 that the Chinese AI company…
The Apple age verification measures align with broader enforcement efforts under the UK’s online safety framework.
EU and ENISA act to protect the bedrock cyber vulnerability CVE Program after funding concerns raise risks of fragmentation and…
Energy sector ransomware surged in 2025 as ransomware groups exploited vulnerabilities and used FrostyGoop malware to disrupt infrastructure.
Reporting mechanisms for illegal content are also part of the Digital Services Act child protection investigation.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More