惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

JPost.com - Business & Innovation | The Jerusalem Post

The innovation bridge: A new paradigm for the US-Israel alliance - opinion Your Investments: Financial freedom and Jerusalem unification Your Taxes: How Israel’s new war compensation system works Victory for the Negev vision: Light Rail will reach gates of the intelligence campus - opinion Only 45% of Tel Aviv Stock Exchange companies made donations in 2025, study finds “Within 5 to 6 Years, all of Israel will be connected to a single water network” Forget the model wars, the real AI challenge is orchestration -opinion Israeli-Cypriot cyber company to unveil Starlink de-anonymizing tool - report Cellular Intelligence strikes deal with Novo Nordisk to advance Parkinson’s cell therapy Israel’s inflation dynamics remain under control IDF reservists created 150 new startups during last year, innovation program reveals Trump to regulate AI development after Anthropic's Mythos posed cybersecurity threat - report Your Investments: Prosperity in Israel takes time, but aliyah is worth it Your Taxes: An agreement is an agreement Inside Inspiraction, the Jerusalem incubator helping young Israelis turn ideas into start-ups Israeli-founded AI biotech Immunai expands AstraZeneca cancer collaboration The death of the US Jewish Orthodox middle class- opinion Real estate giant invests $200 million into Miami’s high-tech hub: What’s Flow Wynwood? Almost half of operational decisions will be done by AI in 2030, IBM reveals - poll It’s all about timing! 2026 is a rare opportunity window for Tel Aviv real estate A new standard of hospitality How Israel’s new reporting rules change the olim tax holiday - opinion Senior R&D managers are paying the price of the AI revolution - opinion Consumer guilt costs companies billions in abandoned online shopping carts - study A strategic miss: R&D is Israel's brain - so why does it develop, manufacture abroad? - opinion Connecting neighbors under fire: The story behind Angels of the Shelter AI is ending era of ‘job immunity’ for young tech workers as it reshapes Israel's job market Israeli AI startup cracks code of who is at fault when system fails: What do they do? - interview Your Taxes: Israel’s lower mid-market is tempting international M&A buyers Your Investments: Second chances, respect, and newlywed finance Microbes coordinate activity to reduce competition, Israeli researchers discover Decoding the digital pulse: How Prof. Yaniv Dover maps the flow of information and human behavior UAE exit weakens OPEC+ power over oil market but group to stay together, sources say - analysis Cyber proxy wars escalate as hackers shift to infrastructure targets Fattal Hotels to transition THE JAFFA into kosher luxury hotel starting May 1 Israel's high-tech faces unexpected crisis as dollar slides 20% against shekel | The Jerusalem Post From the capital of the Negev to the decision-making tables of the world’s leaders From Caesarea to the Moon Hundreds of Google employees urge CEO not to sign deal with Pentagon in open letter AI startup Mercor faces mass litigation following data breach - report Omer Adam’s AI company signs billion-dollar deal with AI infrastructure giant Crusoe Beer, snacks and smart design: An Israeli innovation targets stadium crowds Shlomo Group turns to Indian technicians in NIS 50m service-center expansion Against all official odds: Jerusalem business owners struggle to survive as the state dithers Your Investments: Avoid repeating financial blunders Your Taxes: So you want to acquire an Israeli company? Amazon-backed nuclear reactor developer X-Energy raises over $1 billion in IPO The network effect: Orly Carmon’s ORCA is rewriting power for women across borders Israeli battery-swapping IP owners demand $250 million from Chinese EV giant | The Jerusalem Post Polymarket forecast: What does the platform predict for US-Israel-Iran war? | The Jerusalem Post A strong shekel, a weakened export engine US Iran tensions send oil higher, rattle global markets | The Jerusalem Post Tim Cook steps down as Apple CEO after 15 years, with insider John Ternus set to replace him Israel’s hidden strength: Institutional capital pools The banking system Israeli drone‑detection start-up scores major US commercial breakthrough | The Jerusalem Post Bypassing closed skies: First-of-its-kind solution keeps e-commerce shipments flowing to Israel Why hi-tech recruitment must evolve: The role of AI in the new hiring landscape | The Jerusalem Post Jerusalem razes Elie Wiesel Plaza for NIS 73m. underground passage to Shaare Zedek Shipping firms seek clarifications before crossing Hormuz as tankers move towards Strait Your Taxes: OECD, G20 launch plan to expose untaxed real estate funds and income Your Investments: Can you attain financial freedom in Israel? Between Israel and Latin America, Ilan Goldfajn builds a quiet economic bridge Luria: A Jerusalem-inspired project with modern boutique design | The Jerusalem Post S&P 500 closes at fresh record, recovering all losses since start of US-Iran war Dollar falls below three shekels for first time in over 30 years, annual inflation rate declines US gaming company sues Israeli game developer who claims no connection to company's failure US will not renew waiver on Iranian oil as it mounts pressure on Tehran, sources say While dating swipes decrease, JWed.com Marriages increase to record 4,100! | The Jerusalem Post IMF warns of potential global recession if Iran war worsens | The Jerusalem Post BHI extends $88m bridge loan for Midtown Manhattan tower acquisition | The Jerusalem Post How deepfake scams are costing companies millions worldwide | The Jerusalem Post Beyond a ceasefire, top IDF officer compromised- opinion Isracard, JFNA-backed fund says it has extended NIS 135m. in credit to war-hit small businesses Crisis contractor for OpenAI, Anthropic eyes a move to combat extremism Bank Hapoalim’s US arm funds $203m Manhattan housing conversion IMF warns Strait of Hormuz might never be back to normal Are Polymarket, Kalshi illegal? | The Jerusalem Post Rethinking risk: Why Israel is no longer the outlier - opinion Artemis II astronauts safely back on Earth after trip around moon Your Investments: Financial modesty Your Taxes: The budget’s tax breaks New Israeli app tracks disaster victims in real time, speeds emergency response | The Jerusalem Post US consumer inflation expected to have surged in March amid Iran war Former El Al chief rejects monopoly, price gouging claims after Iran war profits Global markets rally, oil drops below $100 after US-Iran ceasefire | The Jerusalem Post Strait of Hormuz closure has raised oil prices, but not without precedent - analysis Q-Factor emerges as Israel’s latest quantum computing developer with $24 million seed investment Enlight CEO: Iran war reinforces Israel's need for renewable energy Leviathan gas field resumes operations after risk of strikes from Iran war outbreak Your Taxes: You can't have your matzah and eat it, too Gulf states consider bypassing Strait of Hormuz with new oil pipelines via Haifa - FT ‘Perfect storm’: Israel's high-tech faces human capital crisis, lack of new students in age of AI Mekorot reports strong core growth in 2025, but regulatory changes drive heavy net loss Leumi, Shestovitz take stakes in Profit Finance Group with NIS 670 million investment Pentagon denies report of Hegseth-linked pre-strike defense investments Despite the war: Israeli high-tech opens 2026 with approximately $3.1 billion in funding Prediction 2026 Israeli AI optimization company ScaleOps surpasses $800 million valuation More than a port - a strategic anchor for Israel
Can you really trust your ‘private’ AI assistant to keep your secrets? | The Jerusalem Post
JACOB LAZNIK · 2026-04-04 · via JPost.com - Business & Innovation | The Jerusalem Post
ByJACOB LAZNIK

Imagine this: you’re asking ChatGPT to help with something you really don’t want anyone else to see. Maybe it’s a lab report with your name on it. Maybe it’s a resignation letter you haven’t sent yet. Maybe it’s a contract, a financial spreadsheet, or a private message you’re trying to word carefully. 

You assume it stays between you and your “personal assistant’ until you approve sending it somewhere else. But the Israeli cybersecurity company Check Point’s research says that assumption may not have always held up.

The company found a weakness in ChatGPT’s system that could allow someone to extract data without triggering any alarms. According to Check Point Software Technologies, there is a small hole in the code that could be used to move data around without triggering the usual alert warnings.

OpenAI said in late 2025 that it was serving more than 800 million users a week, and separate OpenAI research found users were already sending about 18 billion messages weekly by July 2025. People don’t just use it for jokes or curiosity. They use it to review spreadsheets, summarize contracts, draft emails, write code, polish presentations, and make sense of medical or financial language that can feel overwhelming on its own.

We are not just talking about a chatbot that people use for fun every now and then. This is a system that many people use as a helper for their work, a partner for writing, a tool for research, and sometimes even as someone to talk to about personal decisions. If there is a hidden flaw in a system like this, it is not just a problem with the technology. It is a problem with trust.

The logo of network security provider Check Point Software Technologies Ltd is seen on servers at their headquarters in Tel Aviv, Israel August 14, 2016
The logo of network security provider Check Point Software Technologies Ltd is seen on servers at their headquarters in Tel Aviv, Israel August 14, 2016 (credit: REUTERS/BAZ RATNER)

Check Point said the flaw sat inside the runtime ChatGPT uses for data analysis and Python-based tasks. You can think of that runtime as a sealed workspace inside the product, a place where files can be processed and code can run without freely reaching out to the wider Internet. According to the research, normal outbound web traffic was blocked, but one background function remained available: Domain Name System (DNS) resolution, the system by which computers use to find websites.

That one small function was all that was needed. By taking advantage of a weakness in DNS, attackers could create a secret way to move information out of a secure area.

This is called “DNS tunneling,” but it’s not as complicated as it sounds. Basically, instead of sending data through normal Internet traffic, the attacker hides tiny bits of it inside what looks like a regular request to look up a website. It’s like sneaking a small message inside a harmless-looking package. The attacker can then use this secret tunnel to slowly move information out of the environment, without being detected.

ChatGPT does have approved ways to connect with outside services. GPT Actions, for example, is supposed to be visible and require user approval before data is sent elsewhere. Check Point said the flaw it found sidestepped that model, because the assistant behaved as if the code execution environment could not send data outward directly. In other words, the system didn’t recognize the activity as an external transfer that needed to be blocked or shown to the user.

How the potential leak could work

Check Point said that the attack could begin with something as ordinary as a prompt, the text instruction a user pastes into ChatGPT.

Prompt-sharing has become a popular trend. People copy prompts from LinkedIn posts, Reddit threads, newsletters, forums, Slack groups, and “best prompts” lists every day. Most of the time, they don’t stop to wonder where that text actually came from.

That gave attackers a natural disguise. A malicious prompt could be framed as a writing shortcut, a productivity trick, or even a hack for getting premium-style behavior. And let’s be honest, many legitimate prompts already look strange. They’re long, overly detailed, and packed with clunky instructions. So, if one more odd-looking prompt shows up in your feed, you probably wouldn’t think twice.

Once that prompt was in place, Check Point said later messages in the conversation with ChatGPT could become a source of leaked information. That could include what you typed, text pulled from uploaded files, and, crucially, the model’s own summaries and conclusions.

While exposing your own personal files is a huge issue, the access to the model’s summaries are actually more problematic. An attacker may not care about a raw 30-page contract if the model can boil it down to the four clauses that actually matter. They may not want the full medical report if ChatGPT has already summarized the likely diagnosis, the red flags, and the next step. They may not need the whole quarterly spreadsheet if the system produces a neat paragraph explaining the financial risk.

In that sense, the research describes something more serious than simple document theft. It describes the possible theft of the most useful insight inside the document.

If a trusted AI system reads something sensitive, turns it into something concise and valuable, and quietly sends that result elsewhere, the damage may be worse than if the original file leaked on its own.

How does this impact everyday users?

Check Point’s report has come out at a time when people are using AI tools for far more than casual questions. OpenAI’s own research said about 30% of consumer ChatGPT usage is tied to work, while most conversations, overall, center on practical guidance, information, and writing. That means millions of users are feeding these systems material that is commercially sensitive, personally identifying, or simply private.

The real-world applications are endless. A lawyer uploads a draft agreement. A startup founder pastes in a fundraising memo. A manager asks for help rewriting a performance review. A parent wants help understanding a child’s blood test. A student drops in a scholarship essay that includes personal details. A job seeker asks ChatGPT to improve a cover letter that mentions a current employer. None of those people thinks of themselves as taking a cybersecurity risk. They think they’re just getting help.

That is why this kind of weakness is so unsettling. Could most users spot an attack like this while it was happening? Probably not. If the answers still come back polished, the conversation still feels normal, and there’s no warning on screen, then you have very little reason to think anything is wrong.

Custom GPTs makes risk of undetected attacks even higher

Check Point said the risk became even more serious when the same behavior was embedded in a custom GPT. In that scenario, the attacker would not need to persuade someone to paste a suspicious prompt into a regular chat at all. The malicious behavior could be built into a specialized GPT’s instructions or files, while the user believed they were simply opening a tool designed for a specific purpose.

Custom GPTs are often preset bots marketed around convenience and expertise: legal drafting, marketing plans, interview prep, budgeting, customer support, study help, and health guidance. The specialization makes them feel safer, not riskier. If something looks like a purpose-built assistant, many users are more likely to trust it, not less. Custom GPTs are also specifically programmed to produce certain results that users with similar inquiries will be satisfied with, so for a lot of these requests, it’s quite appealing to seek out a specific GPT rather than asking the generic chatbot.

To illustrate the point, Check Point emulated a proof of concept involving a “personal doctor” GPT. In the demonstration, a user uploaded lab results containing identifying information and asked the system to interpret symptoms and the medical findings. From the user’s point of view, everything looked normal. The GPT responded as expected, and the assistant even said, after being asked, that the uploaded data had not been sent anywhere.

Behind the scenes, however, Check Point said the attacker’s server received both the patient’s identity from the file and the model’s medical assessment. No approval prompt appeared. No visible signal informed the user that any data had left the session.

From quiet leakage to remote access

Check Point said the same covert channel could also be used for something more aggressive than data theft. Once a two-way path existed between the runtime and an attacker-controlled server, the researchers said it could be used to send commands into the Linux container used for code execution and receive results back through the same route. In effect, the company said, that amounted to remote shell access inside the runtime.

Put simply, it would mean the attacker was not just extracting information. They could potentially operate inside the environment where ChatGPT was performing analysis tasks. And because those commands would not need to appear in the visible conversation, the activity could take place outside the normal chat flow and beyond the assistant’s usual safeguards.

Check Point said it disclosed the issue to OpenAI, which confirmed it had already identified the underlying problem internally and fully deployed a fix on February 20, 2026. That lowers the immediate risk, but it doesn’t erase the broader lesson, nor does it indicate how many bad actors found this exploit before it was resolved.

AI assistants are no longer just chat windows. They are becoming working environments, places where we upload files, run code, analyze records, and generate high-value conclusions from sensitive material.

Check Point’s study used only ChatGPT; however, it argues that the findings do not warrant separate case studies for Claude or Gemini, but rather call for a more hands-on, monitored approach to AI security across the board. 

Meanwhile, as this evolution continues, the security question changes too. It’s no longer only about whether the model gives a useful answer. It’s whether the invisible infrastructure under that answer can be trusted.

For now, one doesn’t need to stop using AI entirely, but think twice, and reconsider that “your personal assistant” may be communicating with someone else.

When you hand private information to an AI system, you assume the walls around that system are solid. The reality is that those walls may depend on technical layers that most of us will never see, and probably won’t think to question until something goes wrong.

Follow us on Google