Data Security, Vulnerability Management, AI/ML

ChatGPT data leakage vulnerability discovered and patched

ChatGPT chatbot by OpenAI - artificial intelligence

As reported by The Register, a significant data leakage vulnerability in OpenAI's ChatGPT, which allowed sensitive information to be exfiltrated through a DNS side channel, has been identified and subsequently fixed by the company.

Researchers at Check Point discovered that a single malicious prompt could exploit a hidden outbound channel within ChatGPT's code execution runtime. This channel, leveraging the Domain Name System (DNS), allowed data to be transmitted to an external server without triggering OpenAI's safeguards, which assumed the environment could not directly make outbound network requests. Proof-of-concept attacks demonstrated how a third-party app using ChatGPT's APIs could interpret sensitive user data, such as personal health information from a PDF, and then transmit it to an attacker-controlled server, despite ChatGPT's assertion that the data remained in a secure internal location.

A data leak of this nature could lead to severe consequences, including violations of GDPR, HIPAA, and financial compliance regulations. OpenAI patched the issue on February 20, 2026.

Source: The Register

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

You can skip this ad in 5 seconds