Security News > 2023 > December > OpenAI rolls out imperfect fix for ChatGPT data leak flaw

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
GPTs are custom AI models marketed as "AI apps," specializing in various roles such as customer support agents, assisting in writing and translation, performing data analysis, crafting cooking recipes based on available ingredients, gathering data for research, and even playing games.
"Since ChatGPT is not open source and the fix is not via a Content-Security-Policy the exact validation details are not known."
ChatGPT down after major outage impacting OpenAI systems.
OpenAI confirms it's not killing off ChatGPT plugins for now.
News URL
Related news
- Browser-Based Data Leaks: 3 Biggest Data Security Challenges Today (source)
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks (source)
- Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated' (source)
- OpenAI says Deep Research is coming to ChatGPT free "very soon" (source)
- Royal Mail investigates data leak claims, no impact on operations (source)
- OpenAI's $20 ChatGPT Plus is now free for students until the end of May (source)
- OpenAI tests watermarking for ChatGPT-4o Image Generation model (source)
- OpenAI wants ChatGPT to know you over your life with new Memory update (source)
- Western Sydney University discloses security breaches, data leak (source)
- Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0 (source)