VYPR
Research · Published Mar 31, 2026 · Updated May 18, 2026 · 1 source

ChatGPT Vulnerability Allowed Data Exfiltration via Single Malicious Prompt

Check Point researchers discovered a vulnerability in ChatGPT that enabled attackers to exfiltrate sensitive data, including messages and uploaded files, through a single malicious prompt exploiting a DNS side channel.

A security vulnerability in ChatGPT could be exploited with a single malicious prompt to covertly exfiltrate sensitive data from conversations, according to researchers at Check Point. The flaw, disclosed on March 30, 2026, allowed attackers to bypass OpenAI's guardrails and transmit user messages, uploaded files, and other private content to an external server via a hidden DNS side channel from ChatGPT's isolated execution runtime.

The vulnerability stemmed from ChatGPT's assumption that its containerized environment was not designed to send data outward. When prompted to exfiltrate information, the model lacked the ability to mediate or resist the request. An attacker could craft a prompt directing ChatGPT to send conversation data to an attacker-controlled server, effectively turning the AI assistant into a covert data theft tool.

In a proof-of-concept demonstration, Check Point uploaded a PDF containing laboratory test results with personal information, including a patient name. Using the malicious prompt, the researchers exfiltrated the data to an external server. When asked if the information was sent to a third party, ChatGPT responded that it had not, seemingly unaware of the exfiltration.

The attack vector relies on tricking users into entering the malicious prompt. Researchers noted that attackers could distribute the prompt on websites or social media threads as a "productivity tip," making it appear harmless. Many users routinely copy and paste prompts from online sources, increasing the risk of exploitation.

OpenAI deployed a security update on February 20, 2026, after Check Point reported the issue. The fix closed the DNS side channel, preventing data exfiltration via this method. It is unknown whether the vulnerability was exploited in the wild prior to the patch.

This discovery highlights growing security concerns around AI assistants handling sensitive data. As tools like ChatGPT are increasingly used for tasks involving corporate secrets, health information, and personal finances, vulnerabilities that bypass isolation mechanisms pose significant privacy risks. Check Point emphasized that security must remain a central consideration as AI systems become more powerful and widely adopted.

The research underscores the need for robust security measures in AI platforms, including strict outbound network controls and prompt sanitization. Users are advised to be cautious when copying prompts from untrusted sources and to keep AI applications updated.
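As an added illustration of the outbound-control point above (not code from Check Point or OpenAI), this sketch shows how a defender could flag a DNS side channel in resolver logs from a sandboxed runtime: one client sending many distinct, long, high-entropy subdomains to a single domain. The log format, thresholds, function names and every hostname are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log ("<client> <query name>"); every name is made up.
SAMPLE_LOG = """\
10.0.0.5 www.example.org
10.0.0.5 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cdn.example.net
10.0.0.5 mzxw6ytboi5dcmrthe2tmnzyha4tqmjq.assets.example.net
10.0.0.7 mzxw6ytboi5dcmrthe2tmnzyha4tqmjq.x.collector.test
10.0.0.7 gezdgnbvgy3tqojqmfrggzdfmztwq2lk.x.collector.test
10.0.0.7 nfxgo4tfmvzxizlsnbuxg5dpojuwk3tu.x.collector.test
"""

def shannon_entropy(label):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def registered_domain(name):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(name.split(".")[-2:])

def find_dns_exfil_candidates(log_text, min_len=30, min_entropy=3.5, min_unique=3):
    """Return {(client, domain): [names]} for clients sending many distinct,
    long, high-entropy subdomains to one domain. Thresholds are illustrative."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        client, name = fields[0], fields[1].lower().rstrip(".")
        base = registered_domain(name)
        sub = name[: -len(base)].rstrip(".")
        if not sub:
            continue  # query for the bare domain carries no subdomain payload
        longest = max(sub.split("."), key=len)
        if len(longest) >= min_len and shannon_entropy(longest) >= min_entropy:
            hits[(client, base)].add(name)
    # A single odd lookup (e.g. a hashed asset name) is not enough to alert.
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, domain), names in find_dns_exfil_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {len(names)} suspicious lookups")
```

The heuristic complements, rather than replaces, blocking or allowlisting DNS resolution from the execution environment; a slow or low-volume channel can stay under these thresholds.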

Synthesized by Vypr AI