Would you trust artificial intelligence to manage something as personal as your email? It's not just about the responses it can generate, but about allowing it to perform actions in a space where we store key information about our personal and professional lives. The proposal is tempting: why waste time reviewing messages one by one when you can delegate the task to an AI agent with a simple instruction like, "Analyze my emails from today and gather all the information about the hiring process for new employees"? On paper, the idea is flawless. AI handles the repetitive work, and you regain time for higher-value tasks. However, this "magical" solution can become a considerable risk. What promises efficiency can open the door to attackers. This is demonstrated by recent research from Radware Cybersecurity, which shows how a carefully manipulated email managed to bypass the defenses of ChatGPT's deep research function, turning the AI into a tool for leaking sensitive information. The most concerning aspect is the simplicity of the attack: it doesn't require clicking on links or downloading files. It is enough for the assistant to process a tampered email for confidential data to be sent to a server controlled by the attacker without the user noticing. The success of this attack lies in the combination of classic social engineering techniques, adapted to deceive the AI. An email with hidden instructions in its HTML or metadata can appear to the agent as a legitimate command. Thus, the attack materializes silently and effectively. The consequences go far beyond a simple manipulated email. Since the agent has permissions to act on the inbox, any document, invoice, or strategy shared via email can end up in the hands of third parties without the user realizing it. The risk is twofold: loss of confidential information and difficulty in tracing the leak, as the request originates from the assistant's own infrastructure, not from the company's network. The finding was responsibly communicated to OpenAI, which acknowledged the vulnerability and quickly fixed it. However, the risk persists: this attack pattern could be repeated in other AI environments with similar characteristics, forcing a reevaluation of trust and security in these systems. We are living in a time when AI agents are multiplying, compelling us to redefine our view of digital security. For many, a scenario like this seems unthinkable, even for advanced users. There is no antivirus capable of protecting us from these types of vulnerabilities: the key is to understand the risks and anticipate them. The most striking aspect is that attacks no longer resemble lines of code but rather exercises in natural language persuasion.