We've said it before,Taiwanand we'll sayit again: Don't input anything into ChatGPT that you don't want unauthorized parties to read.
Since OpenAI released ChatGPT last year, there have been quite a few occasions where flaws in the AI chatbot could've been weaponized or manipulated by bad actors to access sensitive or private data. And this latest example shows that even after a security patch has been released, problems can still persist.
According to a report by Bleeping Computer, OpenAI has recently rolled out a fix for an issue where ChatGPT could leak users' data to unauthorized third parties. This data could include user conversations with ChatGPT and corresponding metadata like a user's ID and session information.
However, according to security researcher Johann Rehberger, who originally discovered the vulnerability and outlined how it worked, there are still gaping security holes in OpenAI's fix. In essence, the security flaw still exists.
Rehberger was able to take advantage of OpenAI's recently released and much-lauded custom GPTsfeature to create his own GPT, which exfiltrated data from ChatGPT. This was a significant finding as custom GPTs are being marketed as AI apps akin to how the iPhone revolutionized mobile applications with the App Store. If Rehberger could create this custom GPT, it seems like bad actors could soon discover the flaw and create custom GPTs to steal data from their targets.
Rehberger says he first contactedOpenAI about the "data exfiltration technique" way back in April. He contacted OpenAI once again in November to report exactly how he was able to create a custom GPT and carry out the process.
On Wednesday, Rehberger posted an updateto his website. OpenAI had patched the leak vulnerability.
"The fix is not perfect, but a step into the right direction," Rehberger explained.
The reason the fix isn't perfect is that ChatGPT is still leaking data through the vulnerability Rehberger discovered. ChatGPT can still be tricked into sending data.
"Some quick tests show that bits of info can steal [sic] leak," Rehberger wrote, further explaining that "it only leaks small amounts this way, is slow and more noticeable to a user." Regardless of the remaining issues, Rehberger said it's a "step in the right direction for sure."
But, the security flaw still remains entirely in the ChatGPT apps for iOS and Android, which have yet to be updated with a fix.
ChatGPT users should remain vigilant when using custom GPTs and should likely pass on these AI apps from unknown third parties.
Topics Artificial Intelligence Cybersecurity ChatGPT OpenAI
Q&A with tendercare founder and CEO Shauna Sweeney
CES 2025: Wearable AI device Bee Pioneer listens, learns, and helps you get things done
CES 2025: Check out LG's new 3
Best headphones deal: Save $26 on Beats Studio 3
NYT Strands hints, answers for May 18
CES 2025: The best smart glasses
Protect your digital life: Key strategies for online safety
Get a $100 preorder credit on select Samsung TVs and audio
Samsung Unpacked stream is set for May 12, 2025
Ohio State vs. Texas 2025 livestream: How to watch Cotton Bowl online
Best Sony headphones deal: Over $100 off Sony XM5 headphones
Notre Dame vs. Penn State 2025 livestream: kickoff time, streaming deals, and more
Can I watch 'A Real Pain' at home? Here's when and where it's streaming.
CES 2025: Meet AutoKeybo, the transforming keyboard
Best Apple deal: Save $19 on AirTag 4
The story behind Pluto's huge moon bodes well for distant ocean worlds
NYT Connections hints and answers for January 9: Tips to solve 'Connections' #578.
Catch this CES
Samsung Unpacked stream is set for May 12, 2025
What's new to streaming this week? (Jan. 10, 2025)
Donald Trump may have just previewed his future TV networkEverybody is completely in love with Chris Wallace's debate performanceGet an early look at the new champion skins coming to 'League of Legends'Nintendo is about to reveal NX, its next gaming systemEminem's new track, 'Campaign Speech,' calls out Donald Trump and everything elseDancing with a mannequin head is way funnier than you'd expectToday in Trump mockery: The return of the ‘shortScientists 'accidentally' discovered a way to convert CO2 directly into ethanolHow Bran and Arya's paths could cross in 'Game of Thrones' Season 7iMessage hack floods Apple users with Chinese textsIvanka Trump speaks out about her father's remarks toward womenObama's final state dinner came with pasta and Mario BataliHow to play 'Battlefield 1' without pissing off your whole teamCheck out SMOSH poke fun at Donald Trump in new series 'The Big What If'Scientists reveal a dramatic new look at the Milky WayNintendo is about to reveal NX, its next gaming systemFrank Ocean wore Vans to Obama's last state dinnerNot even the audience can take Trump seriously when he says he respects womenJ.K. Rowling delivers magical takedown of Donald Trump with a single tweetApple sends out invites to October event Kurt Russell, Disney star of the '60s, steps up to defend James Gunn Drake and his glorious robe had a great weekend The fall of Maya society was bloody and worsened by a 200 Apple is killing its App Store affiliate program One 'Game of Thrones' actor has revealed he's not in Season 8 Google Maps adds a 3D Globe Mode iHeartRadio is using AI to smooth transitions between tracks Woman finds 16 Comcast and Amazon are partnering to bring Prime Video to Xfinity X1 'The Banner Saga' series is a beautiful journey of struggle and loss J.K. Rowling pens passionate defense of Europe ahead of referendum Texas Instruments now makes a rose gold graphing calculator This unearthed, moving childhood doll is the stuff of your darkest nightmares Google Maps will tell your friends your location, phone battery level Selena Gomez fell at her concert last night, three days after Justin did the same Instagram no longer asks if you meant to click 'unfollow' button YouTube's new Pride initiative will give you all the feels Apple officially becomes the first $1 trillion company Brookstone files for bankruptcy, will close all its mall locations Swiping sucks and even the dating industry knows it