ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw
Vulnerability
Summary
ZombieAgent is a newly identified prompt-injection vulnerability in ChatGPT that could leak sensitive data from connected services such as Gmail, Outlook, Google Drive, and GitHub. The flaw bypassed OpenAI’s URL-modification defenses by using pre-constructed static URLs and exfiltrating data one character at a time. It was reported through Bugcrowd in September 2025 and reportedly fixed in mid-December 2025.
Related Happenings
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
Vulnerability
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
OpenAI Safety Bug Bounty launch
Commercial Activity
First: 26.03.2026 14:20
Last: 26.03.2026 14:20
Sources 1
About this happening:
**OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
OpenAI Codex Security rolls out as a research-preview vulnerability-finding agent
Security Tool/Service
First: 07.03.2026 18:28
Last: 07.03.2026 18:28
Sources 1
About this happening:
**OpenAI** began rolling out **Codex Security** in **research preview**, adding an AI security agent that can **find, validate, and propose fixes** for vulnerabilities. The rollou...
Google Gemini indirect prompt injection via calendar invites security flaw
Vulnerability
First: 19.01.2026 19:21
Last: 19.01.2026 19:21
Sources 1
About this happening:
Researchers disclosed a **Google Gemini** vulnerability in which a malicious **calendar invite** could use **indirect prompt injection** to bypass authorization guardrails and exp...
AWS CodeBuild ACTOR_ID regex bypass security flaw
Vulnerability
First: 15.01.2026 21:31
Last: 15.01.2026 21:31
Sources 1
About this happening:
**AWS CodeBuild**'s **ACTOR_ID regex filters** were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The f...
Timeline
08.01.2026 18:45 2 articles · 4mo ago
ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw
Initial Disclosure
Researchers identified **ZombieAgent**, a ChatGPT prompt-injection weakness that could drive the agent to leak data from connected services. OpenAI reportedly closed the issue in **mid-December 2025** after a **September 2025** report through **Bugcrowd**.
- New Zero-Click Attack Lets ChatGPT User Steal Data — www.infosecurity-magazine.com — 08.01.2026 18:45