OpenAI ChatGPT indirect prompt injection vulnerabilities GPT-4o/GPT-5 security flaw
Vulnerability
Summary
Hide ▲
Show ▼
OpenAI's ChatGPT has a newly disclosed set of indirect prompt injection flaws in GPT-4o and GPT-5 that could let an attacker steal data from users' memories and chat histories or trigger unintended actions.
Related Happenings
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/ServiceAbout this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
Vulnerability
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
VulnerabilityAbout this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
OpenAI Safety Bug Bounty launch
Commercial Activity
First: 26.03.2026 14:20
Last: 26.03.2026 14:20
Sources 1
About this happening:
**OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
OpenAI Safety Bug Bounty launch
Commercial ActivityAbout this happening: **OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
OpenClaw hardening guidance (CNCERT)
Advisory/Mitigation
First: 14.03.2026 18:17
Last: 14.03.2026 18:17
Sources 1
About this happening:
China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
OpenClaw hardening guidance (CNCERT)
Advisory/MitigationAbout this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
Timeline
-
05.11.2025 16:04 2 articles · 6mo ago
ChatGPT indirect prompt injection vulnerabilities disclosed
Initial DisclosureCybersecurity researchers disclosed seven indirect prompt injection vulnerabilities affecting OpenAI's ChatGPT, including GPT-4o and GPT-5, that could let an attacker manipulate model behavior and steal personal information from users' memories and chat histories. The findings included browsing-context, search-context, one-click, safety-bypass, conversation-injection, malicious-content-hiding, and memory-injection paths, and OpenAI has since addressed some of the issues.
Show sources
- Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data — thehackernews.com — 05.11.2025 16:04
- Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data — thehackernews.com — 05.11.2025 16:04