Experts warn of privacy risks as AI firm looks to connect to financial accounts
OpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice, a move which is raising concerns among privacy and cybersecurity experts.
The financial tech company Plaid, which connects individuals’ bank accounts to third party financial apps, is supporting the new feature. In the near future, the ChatGPT financial planning platform will also be powered by Intuit, which offers personal finance, tax prep and small business accounting software.
The feature is now available for paid subscribers to ChatGPT Pro and will be rolled out to Plus users in the future, with the “goal of making it available to everyone,” according to a ChatGPT blog post about the offering.
The platform can integrate information from more than 12,000 financial institutions, including the brokerage platform Robinhood, major banks like Bank of America, credit card companies like American Express and the investment firm Charles Schwab.
Once users connect their accounts to ChatGPT they will be able to access a dashboard that gives them “an up-to-date view of where you stand across portfolio performance, spending, subscriptions, upcoming payments, and more,” the blog post said.
More than 200 million people a month already come to ChatGPT for budgeting, investment and other financial advice, according to OpenAI.
Recent improvements in the artificial intelligence giant’s GPT-5.5, an advanced model which can analyze complicated and multi-step tasks, are supporting the new feature.
“With your financial accounts connected, ChatGPT can combine that reasoning with your real financial context and what you’ve shared about your goals, lifestyle, and priorities, helping you spot patterns, understand tradeoffs, and plan for big decisions in a way that feels more personal and complete,” according to the blog post.
The feature will allow people to “stay in control” of their data, the blog post said, including by allowing users to disconnect their accounts whenever they want. Once accounts are disconnected, users’ ChatGPT conversation history will remain intact, though users can always delete individual conversations, the blog post said.
Users also will be able to erase “financial memories,” the way key details about financial goals, investments and overall positioning are stored by the chatbot.
“Temporary chats” will be offered, allowing users to have conversations with the chatbot that don’t allow it to access financial accounts and don’t save in users’ histories.
But these safeguards may not be enough to shield user privacy, according to Ridhi Shetty, senior policy counsel at the Center for Democracy and Technology’s Privacy & Data Project.
“Even if ChatGPT's new feature doesn't access full account numbers or have the ability to make changes to financial accounts, the financial information it does collect can reveal deeply personal details about a person’s life, habits, vulnerabilities, and relationships,” Shetty said via email.
OpenAI's announcement does not address whether the financial data could eventually be used to support advertising or other commercial targeting, “despite the obvious incentives to do so,” Shetty added.
She also questioned the reliability of a chatbot’s financial guidance and the lack of professional standards offered by a “tool that doesn't abide by the obligations that professional financial advisors have to protect clients' privacy and act in their best interests.”
Cybersecurity experts also worry that the tool poses risks.
While the “view only” aspect of the platform is “meaningfully safer than an agent that can move money or change accounts… view-only does not mean low-risk: if someone takes over your ChatGPT account, they may get a consolidated picture of your balances, spending, investments, debts, goals and financial history,” said Diana Kelley, chief information security officer at Noma Security, a New York City-based unified AI security and governance platform.
Users should use multi-factor authentication, log out of other sessions, review memory settings, disable training for sensitive chats and delete both chats and memories when they no longer need the information stored, Kelley cautioned.
The centralization of the financial data inside a single platform also is risky, creating a high-value target for account takeover attacks because a single security breach could provide hackers with a detailed map of users’ net worth and spending habits, said Ram Varadarajan, CEO at Acalvio, a leader in cyber deception technology.
Suzanne Smalley is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.




