Security News > 2023 > December > OpenAI rolls out imperfect fix for ChatGPT data leak flaw

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
GPTs are custom AI models marketed as "AI apps," specializing in various roles such as customer support agents, assisting in writing and translation, performing data analysis, crafting cooking recipes based on available ingredients, gathering data for research, and even playing games.
"Since ChatGPT is not open source and the fix is not via a Content-Security-Policy the exact validation details are not known."
ChatGPT down after major outage impacting OpenAI systems.
OpenAI confirms it's not killing off ChatGPT plugins for now.
News URL
Related news
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations (source)
- OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns (source)
- OpenAI bans ChatGPT accounts used by North Korean hackers (source)
- Browser-Based Data Leaks: 3 Biggest Data Security Challenges Today (source)
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks (source)
- Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated' (source)