Security News > 2023 > December > OpenAI rolls out imperfect fix for ChatGPT data leak flaw
OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
GPTs are custom AI models marketed as "AI apps," specializing in various roles such as customer support agents, assisting in writing and translation, performing data analysis, crafting cooking recipes based on available ingredients, gathering data for research, and even playing games.
"Since ChatGPT is not open source and the fix is not via a Content-Security-Policy the exact validation details are not known."
ChatGPT down after major outage impacting OpenAI systems.
OpenAI confirms it's not killing off ChatGPT plugins for now.
News URL
Related news
- Telefónica confirms internal ticketing system breach after data leak (source)
- OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations (source)
- OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns (source)