OpenAI has patched two related security issues affecting ChatGPT and Codex, after findings published on 30 March 2026 by The Hacker News highlighted data exfiltration and token theft risks. According to Check Point, a previously unknown vulnerability allowed sensitive conversation data to be exfiltrated via a covert channel, with a single malicious prompt capable of turning a normal chat into a data-leaking session, though there is no evidence it was ever exploited.
OpenAI addressed the issue on 20 February 2026, and the report notes that safeguards were bypassed by exploiting a side channel from the Linux runtime used for code execution and data analysis, via a hidden DNS-based transport path that could also enable remote shell access.
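The report above describes a DNS-based transport path as the covert channel. From a defender's side, the practical question is whether such traffic would stand out in resolver logs. The following Python script is an added example (not code from the original report, Check Point, or OpenAI) that scores DNS query logs per parent domain on the classic exfiltration signals: many distinct subdomains, long labels, high character entropy, or labels that are entirely hex. The log format, the `exfil-example.test` placeholder domain, and the thresholds are all constructed assumptions for illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log (not real traffic; exfil-example.test is a placeholder).
# Format assumed here: "<timestamp> <client_ip> <qname> <qtype>", one query per line.
SAMPLE_LOG = """\
2026-02-01T10:00:01Z 10.0.0.5 api.github.com A
2026-02-01T10:00:02Z 10.0.0.5 pypi.org A
2026-02-01T10:00:03Z 10.0.0.5 4a6f686e20446f652c2073616c6172792031.3132303030.exfil-example.test A
2026-02-01T10:00:04Z 10.0.0.5 7468697320697320736f6d65206d6f7265.64617461.exfil-example.test A
2026-02-01T10:00:05Z 10.0.0.5 6d6f726520636f6e7665727361746.696f6e20.exfil-example.test A
2026-02-01T10:00:06Z 10.0.0.5 files.pythonhosted.org A
2026-02-01T10:00:07Z 10.0.0.5 6c617374206368756e6b206f66.206461746131.exfil-example.test TXT
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
HEX_RE = re.compile(r"^[0-9a-f]+$")


def shannon_entropy(s):
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain labels joined without dots, parent domain).

    The parent is approximated as the last two labels; a production version
    would use a public-suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return "".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Yield (client, qname, qtype) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)


def analyze(text, min_distinct=3, min_len=16, min_entropy=3.0, min_hex_ratio=0.9):
    """Score each parent domain; thresholds are illustrative assumptions."""
    per_parent = defaultdict(set)
    for _client, qname, _qtype in parse_log(text):
        sub, parent = split_qname(qname)
        if sub:
            per_parent[parent].add(sub)

    report = {}
    for parent, subs in per_parent.items():
        n = len(subs)
        mean_len = sum(len(s) for s in subs) / n
        mean_entropy = sum(shannon_entropy(s) for s in subs) / n
        hex_ratio = sum(1 for s in subs if HEX_RE.match(s)) / n
        suspicious = (
            n >= min_distinct
            and mean_len >= min_len
            and (mean_entropy >= min_entropy or hex_ratio >= min_hex_ratio)
        )
        report[parent] = {
            "distinct": n,
            "mean_len": round(mean_len, 1),
            "mean_entropy": round(mean_entropy, 2),
            "hex_ratio": round(hex_ratio, 2),
            "suspicious": suspicious,
        }
    return report


def flagged(text):
    """Sorted list of parent domains the heuristics flag as suspicious."""
    return sorted(p for p, r in analyze(text).items() if r["suspicious"])


if __name__ == "__main__":
    for parent, r in analyze(SAMPLE_LOG).items():
        print(parent, r)
    print("flagged:", flagged(SAMPLE_LOG))
```

Run against the sample, only the placeholder domain is flagged; the package and GitHub lookups have a single short subdomain each and fall below every threshold. In a real deployment the per-domain counters would be kept over a time window and joined with an allow-list of known CDNs, since legitimate services also use long, random-looking labels.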
Separately, BeyondTrust Phantom Labs described a command injection flaw in Codex that could steal a GitHub User Access Token and grant lateral movement into repositories, with OpenAI patching this vulnerability by 5 February 2026; the flaw affected the ChatGPT website, Codex CLI, Codex SDK and Codex IDE Extension. The researchers emphasised that as AI tools become more embedded in enterprise environments, organisations need independent security controls and layered protection between themselves and AI vendors.