Theregister
Critical ChatGPT Data Leak Exploited via DNS Channel
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A recently discovered vulnerability in ChatGPT allowed attackers to exfiltrate sensitive user data through a covert DNS channel. Researchers from Check Point found that a single malicious prompt could activate this hidden exfiltration method, bypassing OpenAI's safeguards. The flaw enabled the silent extraction of user messages, uploaded documents, and contextual data without user awareness. OpenAI patched the vulnerability on February 20, 2026, following responsible disclosure, and stated there was no evidence of active exploitation. However, the incident raises concerns about the security of AI systems handling sensitive information. The vulnerability particularly affects custom GPTs, which could be manipulated to leak data. The implications are significant for industries dealing with regulated data, such as healthcare and finance. Organizations are advised to implement layered security measures to mitigate risks.
Key Points: • A vulnerability in ChatGPT allowed silent data exfiltration via a DNS channel. • The flaw was exploited using a single malicious prompt, bypassing existing safeguards. • OpenAI patched the vulnerability on February 20, 2026, with no evidence of exploitation.