A security vulnerability in ChatGPT could be exploited with a single malicious prompt to covertly exfiltrate sensitive data from prompts and messages, including uploaded files and other content. The issue, which enabled data exfiltration and remote code execution, was discovered by cybersecurity researchers at Check Point, who warned it could put user privacy at risk, according to Check Point. A security update for ChatGPT was deployed on 20 February after researchers reported the issue to OpenAI.
Prior to the fix, a hidden outbound communication path from ChatGPT’s isolated execution runtime to the public internet could have put users at risk of having their messages and prompts exposed. In a proof-of-concept, Check Point uploaded a PDF containing lab results with personal information and used the malicious prompt to exploit the vulnerability, and ChatGPT reportedly indicated it had not sent the information, seemingly unaware that a server operated by the attacker received highly sensitive data.
The researchers noted there are multiple ways to trick users into entering such prompts, for example via websites or social media threads about productivity prompts.