Ethereum Vitalik: ChatGPT has jailbreak risks, do not use AI to manage encryption projects.

Ethereum co-founder Vitalik Buterin warned on Twitter on 9/13, (X), urging that crypto assets projects should not allow AI to directly intervene in governance decisions. He pointed out that there have been recent reports of individuals being able to bypass ChatGPT's security protections using a "jailbreak" method, and if maliciously exploited, it could lead to funds being misallocated and even the leakage of user privacy.

ChatGPT ignites security concerns by using jailbreaking techniques to read private emails.

OpenAI updated ChatGPT on 9/13 and added support for the MCP ( Model Context Protocol ) tool, allowing ChatGPT to integrate more flexibly with various software and to play the role of an automated agent more smoothly. On the same day, EdisonWatch founder Eito Miyamura also demonstrated on Twitter ( X ) that by using just an email address, he could entice ChatGPT to leak private email content.

He said that as long as a calendar invitation containing "jailbreak instructions" is sent out, the other party doesn't even have to accept the invitation. Once ChatGPT reviews the calendar later, the AI will read the instructions and be controlled, thereby being forced to search and even forward emails.

Miyamura emphasized that although the system requires users to manually approve, "decision fatigue" is a real phenomenon, and ordinary people may simply click agree. He warned:

"No matter how smart AI is, it can still be deceived by very foolish methods, leading to data leakage."

( Note: MCP, full name Model Context Protocol, refers to a "universal interface" created for AI assistants, allowing various AI models to securely and bidirectionally connect to the external information and services you need. )

(AI World’s USB-C Interface: What is the Model Context Protocol (MCP)? Interpretation of the Universal Context Protocol for AI Assistants )

Vitalik warns against using AI to manage crypto projects.

Currently, many users have started to use AI to create trading robots or investment management portfolios. Some people also want to utilize AI to assist in managing crypto projects, but Vitalik believes this could evolve into systemic vulnerabilities.

Vitalik responded to Miyamura's demonstration, stating that if AI were used to allocate funds, people would surely find ways to insert commands like "jailbreak" plus "give me all the money," so AI should not be used to manage DeFi projects.

( 2025 Latest Five Major Stream LLM Full Analysis, Understanding Payment, Applications, and Security at Once )

Propose Info Finance as an alternative solution.

Vitalik not only criticized but also再次 promoted his "Information Finance" proposal made in November 2024 (Info Finance).

He explained that instead of locking the management mechanism into a single AI model, there should be an "open market where anyone can provide models," allowing external parties to proactively request inspections at any time, which would be reviewed by humans, while also attracting model providers and external speculators to actively supervise, expose, and rectify issues through a reward mechanism.

He stated that this design allows multiple models to check and balance each other, which can reduce the risk of overall management being manipulated by AI during an attack.

(OpenAI's Latest Research: Why GPT-5 and Other LLMs Still Speak Nonsense)

This article Ethereum Vitalik: ChatGPT has jailbreak risks, do not use AI to manage crypto projects first appeared in Chain News ABMedia.