OpenAI Patches ChatGPT Data Leak via DNS Side Channel
In February, OpenAI addressed a critical vulnerability in ChatGPT that allowed attackers to exfiltrate sensitive data through a DNS side channel. Researchers at Check Point discovered that a single malicious prompt could bypass OpenAI’s safeguards, enabling unauthorized data transmission from ChatGPT’s code execution environment.
OpenAI had previously claimed that ChatGPT’s execution environment blocked direct outbound network requests. However, Check Point found that while OpenAI restricted standard network traffic, it failed to monitor DNS queries a method attackers could exploit to smuggle data to external servers. Since the system did not recognize DNS-based exfiltration as a threat, it did not trigger protective measures or require user approval.
Check Point demonstrated the flaw through three proof-of-concept attacks, including one involving a third-party "GPT" app acting as a personal health analyst. When a user uploaded a PDF containing lab results and personal data, the app processed the file and falsely assured the user that the data remained secure. In reality, the information was transmitted to an attacker-controlled server.
The vulnerability posed significant risks for regulated industries, where AI-driven data leaks could violate GDPR, HIPAA, or financial compliance standards. OpenAI reportedly fixed the issue on February 20, 2026, though the company did not immediately respond to requests for comment.
Separately, security engineer Buchodi and an OpenAI employee (under the alias NickT) confirmed that OpenAI has strengthened defenses against bot scraping, including Cloudflare’s Turnstile widget, to prevent unauthorized access to ChatGPT’s interface. These measures aim to preserve GPU resources for legitimate users while deterring abuse.
Source: https://www.theregister.com/2026/03/30/openai_chatgpt_dns_data_snuggling_flaw/
OpenAI cybersecurity rating report: https://www.rankiteo.com/company/openai
"id": "OPE1774910406",
"linkid": "openai",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Artificial Intelligence',
'name': 'OpenAI',
'type': 'Technology Company'}],
'attack_vector': 'DNS Side Channel',
'data_breach': {'data_exfiltration': 'Yes (via DNS side channel)',
'file_types_exposed': 'PDF (lab results and personal data)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal health information, '
'personally identifiable '
'information'},
'date_publicly_disclosed': '2026-02',
'date_resolved': '2026-02-20',
'description': 'OpenAI addressed a critical vulnerability in ChatGPT that '
'allowed attackers to exfiltrate sensitive data through a DNS '
'side channel. Researchers at Check Point discovered that a '
'single malicious prompt could bypass OpenAI’s safeguards, '
'enabling unauthorized data transmission from ChatGPT’s code '
'execution environment.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data leak',
'data_compromised': 'Sensitive data, including personal health '
'information',
'identity_theft_risk': 'High (due to exposure of personally '
'identifiable information)',
'legal_liabilities': 'Potential violations of GDPR, HIPAA, or '
'financial compliance standards',
'systems_affected': "ChatGPT's code execution environment"},
'investigation_status': 'Resolved',
'lessons_learned': 'DNS queries must be monitored as a potential exfiltration '
'vector in AI environments; safeguards should account for '
'indirect data transmission methods.',
'post_incident_analysis': {'corrective_actions': 'Patch to monitor and block '
'DNS-based exfiltration; '
'implementation of '
'additional bot-scraping '
'defenses (e.g., '
'Cloudflare’s Turnstile '
'widget).',
'root_causes': 'Lack of DNS query monitoring in '
"ChatGPT's execution environment; "
'over-reliance on blocking standard '
'network traffic without accounting '
'for side channels.'},
'recommendations': 'Implement comprehensive monitoring of all outbound '
'network activity, including DNS queries; enforce stricter '
'validation of third-party GPT apps; enhance user '
'awareness of data exfiltration risks.',
'references': [{'source': 'Check Point Research'}],
'regulatory_compliance': {'regulations_violated': ['GDPR',
'HIPAA',
'Financial compliance '
'standards']},
'response': {'communication_strategy': 'No immediate public response from '
'OpenAI',
'containment_measures': 'Patch to monitor and block DNS-based '
'exfiltration',
'enhanced_monitoring': 'Improved monitoring of DNS queries',
'remediation_measures': 'Strengthened defenses against DNS '
'side-channel attacks',
'third_party_assistance': 'Check Point (research and '
'disclosure)'},
'title': 'OpenAI Patches ChatGPT Data Leak via DNS Side Channel',
'type': 'Data Exfiltration',
'vulnerability_exploited': "Lack of DNS query monitoring in ChatGPT's "
'execution environment'}