OpenAI patched a critical vulnerability in ChatGPT that allowed malicious prompts to exfiltrate sensitive user data through a DNS side channel, bypassing existing outbound network security controls.
Key points
- Researchers at Check Point discovered that ChatGPT’s code execution environment could transmit data via DNS requests despite restrictions on direct outbound traffic.
- The vulnerability allowed attackers to smuggle sensitive information, such as personal health records, to external servers without user authorization.
- Check Point demonstrated the flaw using a custom GPT app that appeared to store data securely while simultaneously leaking it to a remote server.
- OpenAI implemented a fix for the data exfiltration vulnerability on February 20, 2026.
This security flaw highlights the risks of relying on AI tools for processing sensitive information in regulated sectors like healthcare and finance. If left unaddressed, such vulnerabilities could lead to significant data breaches and non-compliance with privacy frameworks like GDPR or HIPAA.
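Because the channel described above rides on DNS lookups rather than direct connections, it is visible in resolver logs for the sandbox. The following is an added defensive example, not code from Check Point or OpenAI: it flags parent zones that receive many long, high-entropy subdomain queries from one sandbox. The log format, sandbox ids, the `collector.example` zone and the thresholds are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<time> <sandbox-id> <qname> <qtype>".
SAMPLE_LOG = """\
10:00:01 sbx-1 pypi.org A
10:00:02 sbx-1 files.pythonhosted.org A
10:00:05 sbx-2 4a6f686e20446f652c20444f4220313938302d30312d3031.c1.collector.example A
10:00:05 sbx-2 2c20646961676e6f7369733a2068797065727465.c2.collector.example A
10:00:06 sbx-2 6e73696f6e2c206d65647320616d6c6f646970696e65.c3.collector.example A
10:00:09 sbx-3 api.github.com A
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent zone); assumes a two-label zone."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_zones(log_text, min_names=3, min_payload=60, min_entropy=3.0):
    """Return {(sandbox, zone): payload_chars} for zones that look like a data channel."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, sandbox, qname, _ = parts
        sub, zone = split_name(qname)
        if sub:
            seen[(sandbox, zone)].add(sub)
    flagged = {}
    for key, subs in seen.items():
        # Dots only separate labels; the remaining characters are candidate payload.
        payload = "".join(s.replace(".", "") for s in subs)
        if (len(subs) >= min_names and len(payload) >= min_payload
                and entropy(payload) >= min_entropy):
            flagged[key] = len(payload)
    return flagged

if __name__ == "__main__":
    for (sandbox, zone), size in suspicious_zones(SAMPLE_LOG).items():
        print(f"{sandbox}: {size} subdomain chars sent to {zone}")
```

The thresholds are illustrative and would need tuning against real traffic, since CDN and telemetry hostnames can also carry long encoded labels.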