OpenAI addressed a security flaw in ChatGPT during early 2026 that security researchers demonstrated could turn an ordinary conversation into a covert channel for extracting data. According to the disclosure, a single malicious prompt was enough to trigger the behavior, raising concern about how AI assistants handle untrusted input embedded in the content they process.
The technique fell into a category researchers describe as prompt injection, in which instructions hidden inside a document, webpage, or message are interpreted by the model as commands. In this case, the exploit could route information out of a session without the user recognizing that data was leaving the conversation. OpenAI deployed a full fix on February 20, 2026.
The company also patched a related vulnerability affecting its Codex tool that involved GitHub token handling, part of a broader round of security hardening across its products. Researchers who reported the issues said the flaws underscored how quickly AI systems that connect to external data sources expand the potential attack surface.
The incident added to a growing body of documented AI security cases in 2026. Organizations deploying AI assistants have been advised to treat model inputs as untrusted and to apply access controls around the data those systems can reach. OpenAI said the reported issues were resolved and that it continues to review its systems for similar weaknesses.
Source: The Hacker News - https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html
