惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
The GitHub Blog
The GitHub Blog
博客园 - 【当耐特】
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Announcements
Recent Announcements
D
Docker
GbyAI
GbyAI
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Cloudflare Blog
雷峰网
雷峰网
A
About on SuperTechFans
小众软件
小众软件
博客园 - Franky
博客园 - 聂微东
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
V
V2EX
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
aimingoo的专栏
aimingoo的专栏
量子位
P
Proofpoint News Feed
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
罗磊的独立博客
Martin Fowler
Martin Fowler
D
DataBreaches.Net
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
Project Zero
Project Zero
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
S
Schneier on Security
Blog — PlanetScale
Blog — PlanetScale
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Security Latest
Security Latest
NISL@THU
NISL@THU
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks

JPost.com - Tech | The Jerusalem Post

AI search optimization and the future of local business visibility | The Jerusalem Post 32 startups return to Galilee as new recovery plan takes shape | The Jerusalem Post 63% of roles requiring AI understanding are not in tech at all | The Jerusalem Post intelligence capitalizes on AI frenzy – and raises prices | The Jerusalem Post The dirty trick behind the massive tech layoffs | The Jerusalem Post The great wipeout: Nvidia lost $1 trillion within two months | The Jerusalem Post Kurdistan looks to follow Israel's lead and become the next Start-Up Nation | The Jerusalem Post Israel’s digital wallet boom signals a new era for online payments | The Jerusalem Post This is the company that is the best to work for in Israel | The Jerusalem Post Report: Amazon plans giant fundraise of at least $25 billion | The Jerusalem Post A 2,267% surge in demand for this profession | The Jerusalem Post Severe report: Historical peak in the number of unemployed tech workers | The Jerusalem Post Offshore talent is being used to keep Israeli startups growing | The Jerusalem Post Shay Gal launches line of state | The Jerusalem Post $7.6 billion in half a year: Tech fundraising surged by 52% | The Jerusalem Post AI training program for reserve soldiers launched by tech entrepreneur | The Jerusalem Post Aligned is raising $60 million | The Jerusalem Post Israel's new fund for deep tech startups offers up to NIS 6 million in funding | The Jerusalem Post Tech workers laid off and collapsing under the mortgage burden | The Jerusalem Post Tech Talk: Lightkey, the AI-powered Israeli startup transforming writing | The Jerusalem Post After Wix: Elementor fires about 30% of its employees | The Jerusalem Post The rate of young Haredim in tech has tripled | The Jerusalem Post Cyber security company NewCore raises $66 million | The Jerusalem Post Following two-week US government ban, Anthropic’s Fable 5 to come back online | The Jerusalem Post Record of leading Israeli companies in LGBT equality | The Jerusalem Post Publicis Israel enters the AI arena with a Ddata, media, and creative system | The Jerusalem Post A new fund will invest in defense startups | The Jerusalem Post Elon Musk lost hundreds of billions within a few days | The Jerusalem Post The giant company parted ways with 21,000 employees within a year | The Jerusalem Post $85 billion was not enough for him: Elon Musk launches an insane fundraising campaign | The Jerusalem Post Four giants poured a billion dollars into an Israeli company | The Jerusalem Post Israeli AI firm launches robotaxis in Munich powered by Nvidia and Uber | The Jerusalem Post The Rat Race 2.0: The less glamorous side of the AI revolution | The Jerusalem Post With an investment of NIS 12 million: Shimon Gershon storms the rental market | The Jerusalem Post Three Israeli start-ups win Intel's Edge AI Tech Challenge | The Jerusalem Post Valued at $250 billion: Tel Aviv ranks fourth among world cities | The Jerusalem Post Elon Musk and Altman are generating the future | The Jerusalem Post Nvidia stunned Wall Street with a massive fundraising round | The Jerusalem Post Daniel turned a family tragedy into a lifesaving search engine | The Jerusalem Post SailPoint acquires Israeli startup Entro for approximately $200 million | The Jerusalem Post GMT is acquired by Western Union for NIS 200 million | The Jerusalem Post What lies ahead for next CEO of Israel Innovation Authority | The Jerusalem Post This Israeli startup is using AI to transform cinemas into more than just a place to watch movies Israeli-founded cyber firm A Security emerges from stealth with $37m. to fight weaponized AI 'ChatGPT is dead': OpenAI plans to ditch chatbots for agents in upcoming updates of AI model - FT BloomX: Stepping up to save the crops Moving FourWard: Inside Jerusalem's ambitious bid to reinvent medical innovation IATI connects VC funds with foreign ambassadors and attachés in Israel Amid shekel-dollar crisis: Hi-tech sector gains strength as Israel's main export with 58% in 2025 Israel’s mobility sector forecasts what inventions can actually deploy and when Haredim making headway in hi-tech: Projects to introduce ultra-Orthodox to workforce see success Amdocs to lay off 3,000 employees Wix cuts 20% of its employees citing shekel-dollar exchange rate, AI implementation Why AI could create the next wave of Israeli unicorns UVeye scales automated vehicle‑inspection tech across global automotive markets Company invests in hub to make New Jersey 'new Silicon Valley' for foreign start ups AI and robots will not replace engineers; they will remove the tedious work Israeli start-up Limy develops tools to help brands appear in AI chat engines The rise of deep tech is the north’s opportunity Israeli startup Frame Security raises $50m IDF reservists created 150 new startups during last year, innovation program reveals Trump to regulate AI development after Anthropic's Mythos posed cybersecurity threat - report Israeli-founded AI biotech Immunai expands AstraZeneca cancer collaboration Israeli AI startup cracks code of who is at fault when system fails: What do they do? - interview Decoding the digital pulse: How Prof. Yaniv Dover maps the flow of information and human behavior Israel's high-tech faces unexpected crisis as dollar slides 20% against shekel | The Jerusalem Post From the capital of the Negev to the decision-making tables of the world’s leaders Omer Adam’s AI company signs billion-dollar deal with AI infrastructure giant Crusoe Israeli battery-swapping IP owners demand $250 million from Chinese EV giant | The Jerusalem Post Israeli drone‑detection start-up scores major US commercial breakthrough | The Jerusalem Post New Israeli app tracks disaster victims in real time, speeds emergency response | The Jerusalem Post Q-Factor emerges as Israel’s latest quantum computing developer with $24 million seed investment ‘Perfect storm’: Israel's high-tech faces human capital crisis, lack of new students in age of AI Israeli AI optimization company ScaleOps surpasses $800 million valuation Israeli entrepreneurs raise $11 million to fight vulnerabilities exploited by Iranian hackers Turning innovation into impact Israeli firm CloudZone partners with Anthropic to offer leading AI models in AWS Surf AI raises $57 million for AI platform built for security teams Development from the shelter: Israeli company reveals new AI motor launched amid Iranian missiles As AI agents spread, Onyx raises $40 million to guard them High-tech glass ceiling: Women lead the shift from military command to professional confidence TAU Ventures portfolio company XTEND heads to NASDAQ at $1.5B valuation AI modeling predicts IRGC support for military general to succeed Khamenei AI vibe coding will replace frontend developers within two to three years, experts tell ‘Post’ Nvidia acquires Israeli data co Illumex Technion leads Israel, Europe in AI research in new CSRanking index, ranking 21st worldwide Elon Musk says Tesla's new 'affordable' Cybertruck will only be available for 10 days Israel was world’s top target for geopolitical cyberattacks in 2025, report finds Israeli entrepreneurs create ‘Semantics Engineering,’ aiming to solve enterprise AI context crisis Two senior cybersecurity figures join Cyber 2.0 advisory board Palo Alto Networks becomes Tel Aviv Stock Exchange's most valued company at $115 billion ICON became the backbone of Israeli Tech in Silicon Valley. This is how they did it Dr. Dan Marom: Shaping Israel’s Next Generation of Entrepreneurs Food, beverages giant Prodalim seeks NIS 2-2.5b valuation in TASE IPO Israeli start-up Matia secures $21 million investment to create AI-powered data pipeline platform Israeli security firm SenAI raises $6.2 million in seed round to expand into US market, B2B model Nvidia CEO: 'The implications of building AI infrastructure in Israel are profound' SpaceX acquires xAI for $250 billions, positioning itself for potential IPO worth $1.5 trillion Israeli startup ORION raises $32 million in Series A round, with investments from IBM, Norwest
Can you really trust your ‘private’ AI assistant to keep your secrets? | The Jerusalem Post
JACOB LAZNIK · 2026-04-04 · via JPost.com - Tech | The Jerusalem Post
ByJACOB LAZNIK

Imagine this: you’re asking ChatGPT to help with something you really don’t want anyone else to see. Maybe it’s a lab report with your name on it. Maybe it’s a resignation letter you haven’t sent yet. Maybe it’s a contract, a financial spreadsheet, or a private message you’re trying to word carefully. 

You assume it stays between you and your “personal assistant’ until you approve sending it somewhere else. But the Israeli cybersecurity company Check Point’s research says that assumption may not have always held up.

The company found a weakness in ChatGPT’s system that could allow someone to extract data without triggering any alarms. According to Check Point Software Technologies, there is a small hole in the code that could be used to move data around without triggering the usual alert warnings.

OpenAI said in late 2025 that it was serving more than 800 million users a week, and separate OpenAI research found users were already sending about 18 billion messages weekly by July 2025. People don’t just use it for jokes or curiosity. They use it to review spreadsheets, summarize contracts, draft emails, write code, polish presentations, and make sense of medical or financial language that can feel overwhelming on its own.

We are not just talking about a chatbot that people use for fun every now and then. This is a system that many people use as a helper for their work, a partner for writing, a tool for research, and sometimes even as someone to talk to about personal decisions. If there is a hidden flaw in a system like this, it is not just a problem with the technology. It is a problem with trust.

The logo of network security provider Check Point Software Technologies Ltd is seen on servers at their headquarters in Tel Aviv, Israel August 14, 2016
The logo of network security provider Check Point Software Technologies Ltd is seen on servers at their headquarters in Tel Aviv, Israel August 14, 2016 (credit: REUTERS/BAZ RATNER)

Check Point said the flaw sat inside the runtime ChatGPT uses for data analysis and Python-based tasks. You can think of that runtime as a sealed workspace inside the product, a place where files can be processed and code can run without freely reaching out to the wider Internet. According to the research, normal outbound web traffic was blocked, but one background function remained available: Domain Name System (DNS) resolution, the system by which computers use to find websites.

That one small function was all that was needed. By taking advantage of a weakness in DNS, attackers could create a secret way to move information out of a secure area.

This is called “DNS tunneling,” but it’s not as complicated as it sounds. Basically, instead of sending data through normal Internet traffic, the attacker hides tiny bits of it inside what looks like a regular request to look up a website. It’s like sneaking a small message inside a harmless-looking package. The attacker can then use this secret tunnel to slowly move information out of the environment, without being detected.

ChatGPT does have approved ways to connect with outside services. GPT Actions, for example, is supposed to be visible and require user approval before data is sent elsewhere. Check Point said the flaw it found sidestepped that model, because the assistant behaved as if the code execution environment could not send data outward directly. In other words, the system didn’t recognize the activity as an external transfer that needed to be blocked or shown to the user.

How the potential leak could work

Check Point said that the attack could begin with something as ordinary as a prompt, the text instruction a user pastes into ChatGPT.

Prompt-sharing has become a popular trend. People copy prompts from LinkedIn posts, Reddit threads, newsletters, forums, Slack groups, and “best prompts” lists every day. Most of the time, they don’t stop to wonder where that text actually came from.

That gave attackers a natural disguise. A malicious prompt could be framed as a writing shortcut, a productivity trick, or even a hack for getting premium-style behavior. And let’s be honest, many legitimate prompts already look strange. They’re long, overly detailed, and packed with clunky instructions. So, if one more odd-looking prompt shows up in your feed, you probably wouldn’t think twice.

Once that prompt was in place, Check Point said later messages in the conversation with ChatGPT could become a source of leaked information. That could include what you typed, text pulled from uploaded files, and, crucially, the model’s own summaries and conclusions.

While exposing your own personal files is a huge issue, the access to the model’s summaries are actually more problematic. An attacker may not care about a raw 30-page contract if the model can boil it down to the four clauses that actually matter. They may not want the full medical report if ChatGPT has already summarized the likely diagnosis, the red flags, and the next step. They may not need the whole quarterly spreadsheet if the system produces a neat paragraph explaining the financial risk.

In that sense, the research describes something more serious than simple document theft. It describes the possible theft of the most useful insight inside the document.

If a trusted AI system reads something sensitive, turns it into something concise and valuable, and quietly sends that result elsewhere, the damage may be worse than if the original file leaked on its own.

How does this impact everyday users?

Check Point’s report has come out at a time when people are using AI tools for far more than casual questions. OpenAI’s own research said about 30% of consumer ChatGPT usage is tied to work, while most conversations, overall, center on practical guidance, information, and writing. That means millions of users are feeding these systems material that is commercially sensitive, personally identifying, or simply private.

The real-world applications are endless. A lawyer uploads a draft agreement. A startup founder pastes in a fundraising memo. A manager asks for help rewriting a performance review. A parent wants help understanding a child’s blood test. A student drops in a scholarship essay that includes personal details. A job seeker asks ChatGPT to improve a cover letter that mentions a current employer. None of those people thinks of themselves as taking a cybersecurity risk. They think they’re just getting help.

That is why this kind of weakness is so unsettling. Could most users spot an attack like this while it was happening? Probably not. If the answers still come back polished, the conversation still feels normal, and there’s no warning on screen, then you have very little reason to think anything is wrong.

Custom GPTs makes risk of undetected attacks even higher

Check Point said the risk became even more serious when the same behavior was embedded in a custom GPT. In that scenario, the attacker would not need to persuade someone to paste a suspicious prompt into a regular chat at all. The malicious behavior could be built into a specialized GPT’s instructions or files, while the user believed they were simply opening a tool designed for a specific purpose.

Custom GPTs are often preset bots marketed around convenience and expertise: legal drafting, marketing plans, interview prep, budgeting, customer support, study help, and health guidance. The specialization makes them feel safer, not riskier. If something looks like a purpose-built assistant, many users are more likely to trust it, not less. Custom GPTs are also specifically programmed to produce certain results that users with similar inquiries will be satisfied with, so for a lot of these requests, it’s quite appealing to seek out a specific GPT rather than asking the generic chatbot.

To illustrate the point, Check Point emulated a proof of concept involving a “personal doctor” GPT. In the demonstration, a user uploaded lab results containing identifying information and asked the system to interpret symptoms and the medical findings. From the user’s point of view, everything looked normal. The GPT responded as expected, and the assistant even said, after being asked, that the uploaded data had not been sent anywhere.

Behind the scenes, however, Check Point said the attacker’s server received both the patient’s identity from the file and the model’s medical assessment. No approval prompt appeared. No visible signal informed the user that any data had left the session.

From quiet leakage to remote access

Check Point said the same covert channel could also be used for something more aggressive than data theft. Once a two-way path existed between the runtime and an attacker-controlled server, the researchers said it could be used to send commands into the Linux container used for code execution and receive results back through the same route. In effect, the company said, that amounted to remote shell access inside the runtime.

Put simply, it would mean the attacker was not just extracting information. They could potentially operate inside the environment where ChatGPT was performing analysis tasks. And because those commands would not need to appear in the visible conversation, the activity could take place outside the normal chat flow and beyond the assistant’s usual safeguards.

Check Point said it disclosed the issue to OpenAI, which confirmed it had already identified the underlying problem internally and fully deployed a fix on February 20, 2026. That lowers the immediate risk, but it doesn’t erase the broader lesson, nor does it indicate how many bad actors found this exploit before it was resolved.

AI assistants are no longer just chat windows. They are becoming working environments, places where we upload files, run code, analyze records, and generate high-value conclusions from sensitive material.

Check Point’s study used only ChatGPT; however, it argues that the findings do not warrant separate case studies for Claude or Gemini, but rather call for a more hands-on, monitored approach to AI security across the board. 

Meanwhile, as this evolution continues, the security question changes too. It’s no longer only about whether the model gives a useful answer. It’s whether the invisible infrastructure under that answer can be trusted.

For now, one doesn’t need to stop using AI entirely, but think twice, and reconsider that “your personal assistant” may be communicating with someone else.

When you hand private information to an AI system, you assume the walls around that system are solid. The reality is that those walls may depend on technical layers that most of us will never see, and probably won’t think to question until something goes wrong.

Follow us on Google