New Flaws Uncovered in OpenAI Models

Cybersecurity researchers have brought to light a significant set of seven vulnerabilities affecting OpenAI’s ChatGPT, specifically impacting the GPT-4o and GPT-5 models. According to a report from security firm Tenable, these flaws could be exploited by malicious actors to covertly access and steal sensitive personal information directly from a user’s chat history and the model’s memory. The findings highlight the ongoing security challenges in securing advanced AI systems from sophisticated attacks.

The core of these vulnerabilities lies in a technique known as indirect prompt injection. This method allows an attacker to manipulate the AI’s behavior without directly interacting with the victim. By embedding malicious instructions in external data sources that ChatGPT is asked to process, attackers can trick the large language model (LLM) into performing unintended and harmful actions.

Understanding the Attack Method

One of the primary attack vectors detailed by researchers Moshe Bernstein and Liv Matan involves ChatGPT’s web browsing capabilities. An attacker could craft a webpage containing hidden, malicious instructions. If a user asks ChatGPT to summarize or interact with this webpage, the AI would unknowingly execute the hidden commands. This could lead to the exposure of previous chat conversations, personal data, and other confidential details stored within the user’s session.

In response to the disclosure, OpenAI has reportedly addressed some of the identified vulnerabilities. However, the discovery underscores the critical need for robust security measures in AI development, as attackers continue to find creative ways to manipulate these powerful tools for nefarious purposes.