Security News > 2023 > December > OpenAI rolls out imperfect fix for ChatGPT data leak flaw
OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
GPTs are custom AI models marketed as "AI apps," specializing in various roles such as customer support agents, assisting in writing and translation, performing data analysis, crafting cooking recipes based on available ingredients, gathering data for research, and even playing games.
"Since ChatGPT is not open source and the fix is not via a Content-Security-Policy the exact validation details are not known."
ChatGPT down after major outage impacting OpenAI systems.
OpenAI confirms it's not killing off ChatGPT plugins for now.
News URL
Related news
- A data leak and a data breach (source)
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)
- OpenAI confirms threat actors use ChatGPT to write malware (source)
- Pokemon dev Game Freak confirms breach after stolen data leaks online (source)
- Troubled US insurance giant hit by extortion after data leak (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker (source)