Full Report
OpenAI wants ChatGPT to know more about you, including your emails, calendar events in Google Calendar and even your Google contacts to reference everything in a conversation. [...]
Analysis Summary
# Main Topic
OpenAI is rolling out support for Google Connectors within ChatGPT (starting with Pro subscribers), allowing the AI model to access and reference user data from Gmail, Google Calendar, and Google Contacts directly within conversations.
## Key Points
- The integration utilizes "Connectors" technology to link third-party services to ChatGPT.
- The primary benefit is enabling ChatGPT to "reference everything in a conversation" by accessing personal data such as emails, calendar events, and contact lists.
- The feature rollout began globally for ChatGPT Pro users this week, expanding to Plus, Team, Enterprise, and Edu plans in the following weeks.
- Users can enable these connectors in Settings → Connectors → Connect, although prior authorization for "deep research" access automatically enables Connector functionality.
## Threat Actors
- No specific threat actors or malicious groups are mentioned in relation to this feature rollout; the context describes a legitimate product expansion by OpenAI.
## TTPs
- Access Mechanism: Utilization of Google Connectors to establish authenticated access to Google services (Gmail, Calendar, Contacts).
- Data Reference: ChatGPT is configured to pull relevant data from these services to inform or enhance user conversation responses.
- MITRE ATT&CK: N/A (Describing a feature implementation, not an attack).
## Affected Systems
- **Service Provider:** OpenAI ChatGPT (specifically Pro, Plus, Team, Enterprise, and Edu plans).
- **Data Sources:** Google Services (Gmail, Google Calendar, Google Contacts).
- **Scope:** Users who opt-in to connect these personal or professional Google accounts to their ChatGPT instances.
## Mitigations
- **User Control:** Users must actively enable or disable Google Connectors via Settings → Connectors.
- **Deep Research Overlap:** Users who previously enabled "deep research" access for these services do not need to take further action as the functionality is inherited or integrated.
## Conclusion
This development significantly increases the scope of personal data accessible by the ChatGPT model, enhancing conversational utility but simultaneously elevating the data privacy risk profile associated with using the service. Users should exercise caution and review their privacy settings, particularly concerning granting comprehensive access to sensitive productivity data like emails and contacts.