May 31, 2026
Your spreadsheet has loose lips
ChatGPT for Google Sheets Exfiltrates Workbooks
One bad spreadsheet can spill your files—and commenters say the AI hype was all vibes
TLDR: Researchers say one malicious Google Sheet can make ChatGPT’s Sheets add-on copy files across your account, edit documents, and show fake login screens. Commenters are roasting the whole AI-office-tools trend as careless hype, with many saying companies rushed this into workplaces without basic safety.
The big scare here isn’t just that OpenAI’s ChatGPT add-on for Google Sheets could be tricked by one poisoned sheet. It’s that, according to the report, a single innocent-looking question could let that add-on rummage through spreadsheet files across your account, copy them out, edit them, and even slap a fake login screen over the real tool. In plain English: one bad spreadsheet may be enough to turn your tidy work docs into a digital smash-and-grab. Even worse, the researchers say this can happen even if you turned off automatic edits and expected a human approval step.
And the comments? Absolutely merciless. One user summed up the mood with the savage review: “Pure vibes.” Another called it the “lethal trifecta,” which is basically internet shorthand for “every possible bad idea showed up to the party.” One commenter flat-out said plugging these chatbots into sensitive business tools “willy nilly” was never going to end well, while another reacted with the understated scream of the week: “Yeah, I don’t like the sound of that at all.”
The drama also turned a little spicy: one commenter side-eyed the researchers with, “So is your business model to expose AI security issues and then sell the solution?” That added a mini side-quest of suspicion to an already chaotic thread. But the loudest consensus was clear: if companies are stuffing AI into workplace tools before locking the doors, users may be beta-testing a very expensive mistake.
Key Points
- •The article reports that ChatGPT for Google Sheets is vulnerable to indirect prompt injection that can lead to data exfiltration, phishing overlays, unauthorized workbook edits, and sidebar takeover.
- •It says the attack can be triggered from a single compromised sheet or other untrusted data source, including imported sheets and ChatGPT connectors.
- •The reported attack does not require human approval and reportedly works even when users disable automatic edits and require approval before changes.
- •The article describes recursive exfiltration in which a malicious script finds spreadsheet links inside stolen data and uses them to access additional workbooks, reaching 12 workbooks in the example given.
- •The authors say they responsibly disclosed the issue to OpenAI, received only an automated reply, and published the findings to inform users and organizations about the risk surface.