Forensic Summary
Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing OpenAI's stated network isolation safeguards. Sensitive user data — including uploaded files, conversation content, and personal documents — could be silently transmitted to attacker-controlled servers without user knowledge or consent. The same channel was also found capable of enabling remote shell access within the Linux execution environment.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/
Top comments (0)