Security News > 2023 > December > OpenAI rolls out imperfect fix for ChatGPT data leak flaw
OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
GPTs are custom AI models marketed as "AI apps," specializing in various roles such as customer support agents, assisting in writing and translation, performing data analysis, crafting cooking recipes based on available ingredients, gathering data for research, and even playing games.
"Since ChatGPT is not open source and the fix is not via a Content-Security-Policy the exact validation details are not known."
ChatGPT down after major outage impacting OpenAI systems.
OpenAI confirms it's not killing off ChatGPT plugins for now.
News URL
Related news
- Leak confirms OpenAI's ChatGPT will integrate MCP (source)
- Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0 (source)
- OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits (source)
- OpenAI document explains when to use each ChatGPT model (source)
- Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks (source)
- Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures (source)
- New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy (source)
- OpenAI hints at a big upgrade for ChatGPT Operator Agent (source)
- OpenAI plans to ship an interesting ChatGPT product by 2026 (source)
- Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers (source)