Critical ChatGPT Data Leak Exploited via DNS Channel

Critical ChatGPT Data Leak Exploited via DNS Channel

First seen 30 Mar 2026, 20:00 UTC Research.CheckpointThehackernewsTheregisterLinkedinCybersecuritynews+7 82% similarity 67.5

Article Content

Browse articles
ThreatCluster

A recently discovered vulnerability in ChatGPT allowed attackers to exfiltrate sensitive user data through a covert DNS channel. Researchers from Check Point found that a single malicious prompt could activate this hidden exfiltration method, bypassing OpenAI's safeguards. The flaw enabled the silent extraction of user messages, uploaded documents, and contextual data without user awareness. OpenAI patched the vulnerability on February 20, 2026, following responsible disclosure, and stated there was no evidence of active exploitation. However, the incident raises concerns about the security of AI systems handling sensitive information. The vulnerability particularly affects custom GPTs, which could be manipulated to leak data. The implications are significant for industries dealing with regulated data, such as healthcare and finance. Organizations are advised to implement layered security measures to mitigate risks.

Key Points: • A vulnerability in ChatGPT allowed silent data exfiltration via a DNS channel. • The flaw was exploited using a single malicious prompt, bypassing existing safeguards. • OpenAI patched the vulnerability on February 20, 2026, with no evidence of exploitation.

ThreatCluster AI

Timeline

2026-02-20
OpenAI patched the ChatGPT data exfiltration vulnerability
2026-03-30
Check Point published research on the vulnerability
2026-03-31
Multiple news articles report on the vulnerability and its implications

Community

Browse all →