frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

OpenAI is connecting ChatGPT to bank accounts via Plaid

https://firethering.com/chatgpt-bank-account-plaid-openai/
55•steveharing1•1h ago

Comments

ernsheong•1h ago
What could go wrong
steveharing1•32m ago
It won't go wrong if you don't wanna use this feature but if you do then its upto you that you''re trusting a for profit company that much that you provide them with your confidential data.
righthand•1h ago
“Let the bodies hit the floor!”
hyperionultra•1h ago
Do we still have a choice to not use?
steveharing1•1h ago
You absolutely do not have to use the new financial feature. Its optional
reaperducer•58m ago
Until every web site and bank requires you to use it because their CTO saw an ad in an airport that said it was a good idea and makes line go up.

"Leadership" today is monkey-see, monkey-do.

See also: Sign in with Google on every web site, even if you don't have a Google account; and Cloudflare interrupting your web surfing every six minutes to make sure you haven't be absorbed by the Borg.

parliament32•1h ago
Little doubt the true motivation behind this is the advertising angle. What better way to advertise to consumers than seeing exactly what they're spending money on, historically and in near-realtime?
Zenst•1h ago
All set for a perfect storm with a single exploit down the line. Which could take out so much and OpenAI with it. What a way to burst the bubble, not an if, more a when as so many eggs in that basket and they have yet to invent a solid lid.

Reminds me of the underpant gnomes in many ways

Collect underpants ???AI??? Profit

JumpCrisscross•59m ago
> Which could take out so much and OpenAI with it

I guess I’m not seeing the systemic failure mode with a Plaid hook-up? The worst case is it sends a bunch of peoples’ money into the aether. That sucks for them and for OpenAI. But I’m not seeing it e.g. collapsing a bank.

warkdarrior•55m ago
A meme prompt with a prompt injection in it would easily reach millions of ChatGPT users.
simianwords•49m ago
can you give an example of how it can work?
cyanydeez•55m ago
just takes a single corrupt prompt and a class action lawsuit is easily primed.

But yeah, can't have a systemic failure in the grift economy.

dude250711•1h ago
The only better idea would be a Robinhood integration.
ReptileMan•57m ago
Polymarket.
frangonf•50m ago
And Sports Bets and casino integrations.
forinti•1h ago
People will pay for OpenAI to have access to their financial data??
mcphage•56m ago
I wonder if I could pay someone to run me over with a bus.
nonethewiser•49m ago
Sure. But it's going to be expensive. It actually costs me a lot of money to provide a "running you over with a bus" service.
rprenger•34m ago
Didn't Matt Levine tell a story about Masayoshi Son doing that? https://news.ycombinator.com/item?id=21427688
lacy_tinpot•34m ago
What do you think plaid is doing?

OpenAI is just a new-ish player.

andy_ppp•1h ago
It’s like we are trying to run as fast as possible towards an AI controlled disaster by connecting absolutely everything we can to the AI… even in the worst sci-fi the robots need to steal codes to get access to systems and we are just leaving the door wide open.
lenerdenator•53m ago
We're not trying to run as fast as possible towards anything. It's a bunch of investors trying to run as fast as possible towards the AI controlled disaster, or as they see it, an AI controlled unlocking of value.
micromacrofoot•48m ago
don't worry, we'll have plenty of human controlled disasters from this before we even get to agi
carlos-menezes•1h ago
I feel like every single day OpenAI and Anthropic are entrenching their slopware in everyday products and workplaces with little to no way to opt-out. This is getting dystopian.
frb•49m ago
Was thinking the same recently.

It feels like an arms race on who’s gonna become the Microsoft of the 90s, trying to own and provide everything.

I think it will play out in the same way

frb•59m ago
I’m generally positive towards AI and LLMs..

BUT there’s just things that nobody should be doing ever, like give it access to your production system or bank account.

cyanydeez•59m ago
People have been electing a clear grifter in multiple countries to do the same, so, you know, people gonna people.
carlos-menezes•57m ago
I feel like we're now at a point where that's a hot take.
rvz•51m ago
But LLMs are like humans!

Nothing wrong about with giving them access to your bank or savings accounts /s

binarymax•59m ago
I’ve been asked to sign up to plaid by clients three times. Each time I’ve said no. I’m not giving a 3rd party access to my bank account. I don’t understand how people enable this total loss of friction for direct account egress. There needs to be friction.
chao-•54m ago
Refinancing a loan I passed on the lowest possible rate I could get, for a slightly higher one, specifically because they used Plaid.

I'm not the most privacy-focused individual, not nearly as paranoid as I could be, but Plaid's model is an OBVIOUS step too far.

njovin•36m ago
Depending on the rate difference, I'd be tempted to setup a 'burner' checking account at a separate financial institution and just auto-transfer the loan amount from my primary bank to the burner every month.
lazide•30m ago
That generally wouldn’t pass underwriting. They want the account the money is coming from to be the account with history and money in it already.
el_benhameen•12m ago
Really? Both times I got a loan they wanted bank statements from all of my main accounts and verifiable income history, but they didn’t care that I was paying from an account that I had just opened for the specific purpose of paying the loan.
josephscott•44m ago
One thousand times this. I am not giving away the keys to my bank accounts.
lxgr•30m ago
It’s worse than keys, it’s a persistent read-only view of all account data.

At least there is a process for unauthorized ACH debits. For this blatant breach of privacy, there is nothing.

hypeatei•44m ago
Have you ever entered your routing+account number into HR software for direct deposit? Doesn't that qualify as handing a third party essentially the same access as Plaid gets? I think bank accounts are generally more accessible in the modern era, it's just a risk that you take.

Of course, you're not obligated to use Plaid but I do find the concerns around this quite strange since you're likely exposing account information already.

liveoneggs•40m ago
plaid asks for your bank username and password not just your routing + account
whycombinetor•39m ago
Plaid wants you to enter your bank username-password into their form. If it was just routing+account it would be truly no different than other bank connection methods.
formerly_proven•34m ago
Plaid works a lot like PSD2-based services in the EU then, which also typically consist of a form hosted by the service using Times New Roman and the original padlock.gif from Netscape asking for your IBAN and online banking password and then a TAN/2FA number. Obviously there are no technical controls at that point to what the service can do in your account. I tend to avoid anything PSD2 for much the same reasons as Plaid, it's extremely sketchy. Somehow we can have scoped access using OAuth for random webservices but for a credit check it's "please just give us your online banking login despite everyone telling you since 1995 that you're not supposed to hand that to anyone and always double check the URL in the address bar to be yourbank.com... we assure you nl-gwlogin.xs2a.openbankingservices.co.net is an entirely legitimate place to enter your PIN"
redserk•38m ago
With plaid they get access to all of your account numbers.

HR just sees a single savings account that I strictly use for direct deposit. They don’t see my actual savings account or my other purpose-specific checking accounts.

hypeatei•30m ago
Sure, but GP mentioned direct account egress which is why I brought up the typical method for doing that. I figured banks are already selling / reporting the other information (account types, amounts, transactions, etc.)

As an aside, I think each permission has to be granted explicitly in Plaid so it's not just getting "root" access to do simple transactions (unless you grant it)

webo•36m ago
routing+account numbers are not that sensitive. that's been API for how we transact money since pre-historic times. plaid gets access to your online account with access personal data, security details, documents, transactions, statements, write-access etc.
buzer•31m ago
Whenever I have seen the Plaid integration it will also ask permission to your transactions. HR software won't get those when I provide it my account & routing numbers.
lazide•30m ago
Generally no. Plaid access generally includes whatever name you put on the account, as well as transaction history.
lxgr•29m ago
It’s roughly the difference between giving somebody your phone number and letting them eavesdrop on every single call.
gavinsyancey•27m ago
The same info is also on checks, and there's an established story around fraud there -- if I didn't authorize an ACH withdrawal then my bank is legally required to make me whole. If I hand over my username+password to a third party, I'm on my own.

Also, the routing+account numbers just let them deposit/withdraw money, not snoop on all my transactions and harvest my data...

webo•40m ago
Hijacking this comment to complain about fintech apps / saas providers requiring Plaid - please stop.

For example, Coinbase requires logging in with Plaid to... setup auto-pay for their credit card statements. No way to just provide account/routing numbers the good ole way.

There's lots of issues with Plaid but one big one is that banks (e.g big ones like BofA) can lock your account due to suspicious login with Plaid.

https://x.com/kanateven/status/1973793740331368841

measurablefunc•37m ago
They're a YC company so every other YC company is going to use them, that's how YC companies operate.
webo•34m ago
Plaid has an option to let the client/provider accept plain account + routing numbers, a lot of apps for whatever purpose don't use it.
necubi•23m ago
This isn't at all how YC companies operate (source: I did YC), but also... Plaid is not YC.
alexr243•23m ago
Plaid is not a YC company
lxgr•31m ago
They do because their banks are largely not offering anything more fine grained, because they don’t have to, and in fact doing so would cannibalize their debit card business.

Requesting full account access for anything other than maybe budgeting software should just not be legal.

asah•22m ago
easy - just keep a small amount (small %) in that account.
superkuh•58m ago
While openai's use of Plaid's spying on bank accounts is framed as a service it's real use case will be identification. Very few people if any will sign up to use this voluntarily. But it is a way to get users used to Plaid's spying and start slowly boiling the frog.

The endgame I see is that it will be illegal to communicate on the internet without having a proven bank account. At least in the USA where all ID verification is settling on banks (ie, Plaid). And the banks will tolerate 10,000 false positive denials of service to avoid a single false negative and be happy about it. Plaid even more so. Human beings will have no recourse as they are private companies. This really should be a service that the states of the federal government provide. It's a dark future we're speeding towards.

ReptileMan•57m ago
Today's edition of "What could possibly go wrong" presents ...
drcode•55m ago
It seems like every three years or so I need to use a tool with a plaid link feature, I try it, it gives some internal plaid error, then I find some other way of solving the issue.
Marsymars•23m ago
Plaid is glitchy enough that whenever I hit a workflow that has no alternative, I just call the customer support line and tell them I get an error when trying to link my account via plaid, and they invariably have a manual way to do the thing on their end.
cbg0•53m ago
> OpenAI did this with your health data in January. Now it wants your financial data too.

This is far more valuable, they can see what political affiliation you have based on your campaign donations, predict things like cheating on your wife & the impending divorce, what vices you have and they can also build shadow profiles of all the people you give and receive money from even if they don't use the product.

fontain•48m ago
it is far more valuable to know the type of boring things boring people buy in their boring daily lives
gruez•48m ago
>they can see what political affiliation you have based on your campaign donations

You can get a pretty good estimate just by looking at other demographic factors like age, education level, income, and zip code. Moreover, how many people actually donate to campaigns?

>predict things like cheating on your wife & the impending divorce, what vices you have and they can also build shadow profiles of all of the people you give and receive money from even if they don't use the product.

Google has all this capability for at least a decade. What concrete harms have actually materialized?

kridsdale1•40m ago
OpenAI is now run by former Meta executives.
gruez•28m ago
Okay, what concrete harms has Meta done with this information? At best you have some creeps using it to stalk their exes, which is bad, but a far cry from the AI takeover scenario implied by OP.
cbg0•13m ago
I haven't implied an AI takeover, this data will be repackaged into a product for military/intelligence, political applications, insurance companies that can charge you more because they know you're willing to pay, and many more.

These things already exist and happen, it's about the data getting better and not having to build tools to query it and make projections, since you can just type a query into a box even if you're not a data scientist.

rixed•48m ago
If all they wanted was to know more about your profile, they could already buy this information form the bank I presume.
arrosenberg•41m ago
Campaign donations are already public if you donate over $200 - https://www.opensecrets.org/donor-lookup
lxgr•27m ago
I’d be willing to bet that ChatGPT will know the average user’s political affiliation and vices about three messages in.

The difference is that banking records are harder to falsify, so there’s that.

drcode•51m ago
The comments here do seem to ignore that rocketmoney exists, and that many people use it
dfee•50m ago
What's the local version of this? What's the best way to pull in my finance data locally, without clicking through to each portal? (USA)
pesus•49m ago
Lovely! It's probably inevitable this will fuck over people eventually. Sam may as well prepare his next blog post ahead of time.
delis-thumbs-7e•46m ago
Why don’t you just ask for my blood? I can bottle it and send it over for Sama to drink for breakfast.

This exactly the same shit Zuck did with Facebook. Hell with them all.

cdrnsf•44m ago
Only if it helps me buy more stock in GameStop
rfrey•38m ago
Man, I remember when the common wisdom was that there would NEVER be enough people willing to put their credit card into a web browser to support a business.

I never expected to be nostalgic for those days.

xandrius•33m ago
To be fair most frequently people online use debit cards which can be frozen if something goes wrong.
lazide•27m ago
Uh, debit cards are the worse as they (technically) don’t allow you to dispute charges like in a credit card. Money comes right out of your account first, and then you have to try to get it back.

Don’t use debit cards online.

TheChaplain•34m ago
Stupid question, but what if you just open an account at a credit union, then have that one connected to plaid?

If it needs to see transactions, just have your salary deposited there, then an automatic transfer the same day to your real account?

bubblegumcrisis•28m ago
I'm not sure if Plaid still is- but when they first came out they were pretty evil. They would go into your accounts and download all activity. I spent many hours e-mailing them, trying to get a clear answer of what data they collect- and they never said no to anything.

Whenever I've been forced to use Plaid, I use a throw away "free-checking" bank account that has $1 in it.

I guess birds of a feather flock together.

Project Gutenberg – keeps getting better

https://www.gutenberg.org/
241•JSeiko•1h ago•76 comments

A 0-click exploit chain for the Pixel 10

https://projectzero.google/2026/05/pixel-10-exploit.html
208•happyhardcore•4h ago•87 comments

I designed a nibble-oriented CPU in Verilog to build a scientific calculator

https://github.com/gdevic/FPGA-Calculator
16•gdevic•47m ago•1 comments

Image-blaster: Creates 3D environments, SFX, and meshes from a single image

https://github.com/neilsonnn/image-blaster
37•MattRogish•2h ago•7 comments

O(x)Caml in Space

https://gazagnaire.org/blog/2026-05-14-borealis.html
196•yminsky•7h ago•39 comments

ASCII by Jason Scott

https://ascii.textfiles.com/
86•bookofjoe•4h ago•13 comments

Explore Wikipedia Like a Windows XP Desktop

https://explorer.samismith.com/
387•smusamashah•9h ago•99 comments

Hightouch (YC S19) Is Hiring

https://hightouch.com/careers
1•joshwget•1h ago

I built Zenith: a live local-first fixed viewport planetarium

https://smorgasb.org/zenith-tech/
35•surprisetalk•2h ago•3 comments

Show HN: Watch a neural net learn to play Snake

https://ppo.gradexp.xyz/
43•c1b•1d ago•6 comments

Aperio Lang

https://aperio-lang.github.io/aperio/introduction.html
13•mmcclure•50m ago•2 comments

Radicle: Sovereign {code forge} built on Git

https://radicle.dev/
156•KolmogorovComp•5h ago•39 comments

High dimensional geometry is transforming the MRI industry (2017) [pdf]

https://www.ams.org/government/DonohoPresentation06-28-17Final.pdf
55•nill0•4h ago•14 comments

U.S. DOJ demands Apple and Google unmask over 100k users of car-tinkering app

https://macdailynews.com/2026/05/15/u-s-doj-demands-apple-and-google-unmask-over-100000-users-of-...
36•tencentshill•35m ago•9 comments

A new book on Steve Jobs at NeXT

https://spectrum.ieee.org/steve-jobs-next-computer
121•rbanffy•7h ago•101 comments

We don't know why Malawi is poor

https://newsletter.deenamousa.com/p/we-dont-know-why-malawi-is-poor
43•alphabetatango•1h ago•44 comments

Removing the modem and GPS from my 2024 RAV4 hybrid

https://arkadiyt.com/2026/05/13/removing-the-modem-and-gps-from-my-rav4/
1015•arkadiyt•1d ago•534 comments

Show HN: Sx – an open-source package manager for AI skills, MCPs, and commands

https://github.com/sleuth-io/sx
5•detkin•1h ago•1 comments

Amazon workers under pressure to up their AI usage are making up tasks

https://www.fastcompany.com/91541586/amazon-workers-pressured-to-up-ai-use-extraneous-tasks
201•hackernj•4h ago•183 comments

Trade Dollars with other startups. Book it as revenue

https://www.revswap.ai/
154•tormeh•4h ago•109 comments

A few words on DS4

https://antirez.com/news/165
397•caust1c•19h ago•162 comments

OpenAI is connecting ChatGPT to bank accounts via Plaid

https://firethering.com/chatgpt-bank-account-plaid-openai/
55•steveharing1•1h ago•80 comments

NanoTDB – Golang Append-Only Time Series DB

https://github.com/aymanhs/nanotdb
39•aymanhs72•7h ago•6 comments

Details of the Daring Airdrop at Tristan Da Cunha

https://www.tristandc.com/government/news-2026-05-11-airdrop.php
229•kspacewalk2•14h ago•88 comments

Ask HN: How to be SOC2 Type 2 compliant as a solo-entreprenuer?

80•sochix•10h ago•76 comments

RTX 5090 and M4 MacBook Air: Can It Game?

https://scottjg.com/posts/2026-05-05-egpu-mac-gaming/
668•allenleee•1d ago•159 comments

Building ML framework with Rust and Category Theory

https://hghalebi.github.io/category_theory_transformer_rs/
84•adamnemecek•1d ago•17 comments

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption
421•quadrige•23h ago•113 comments

We are retiring our bug bounty program

https://turso.tech/blog/the-wonders-of-ai
321•tjek•4h ago•233 comments

Codex is now in the ChatGPT mobile app

https://openai.com/index/work-with-codex-from-anywhere/
443•mikeevans•21h ago•222 comments