This extends the attack surface area for ChatGPT.

A single web search through LLM can now pull malicious instructions from the web into LLM context, and instruct it to exfiltrate financial information. This has been done already with LLM email integrations.