惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
T
Threatpost
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
O
OpenAI News
Project Zero
Project Zero
G
GRAHAM CLULEY
P
Privacy International News Feed
A
Arctic Wolf
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
D
Docker
aimingoo的专栏
aimingoo的专栏
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
云风的 BLOG
云风的 BLOG
雷峰网
雷峰网
W
WeLiveSecurity
P
Proofpoint News Feed
腾讯CDC
Cloudbric
Cloudbric
S
Secure Thoughts
C
Check Point Blog
博客园 - Franky
T
The Exploit Database - CXSecurity.com
T
Troy Hunt's Blog
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
TaoSecurity Blog
TaoSecurity Blog
L
Lohrmann on Cybersecurity
V
Visual Studio Blog
F
Fortinet All Blogs
博客园 - 叶小钗
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
C
Cisco Blogs
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
Apple Machine Learning Research
Apple Machine Learning Research

Check Point Blog

AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways
2026-03-30 · via Check Point Blog

AI assistants like ChatGPT have quickly become trusted environments for handling some of the most sensitive data people own. Users discuss medical symptoms, upload financial records, analyze contracts, and paste internal documents—often assuming that what they share remains safely contained within the platform. 

That assumption was challenged when new research uncovered a previously unknown vulnerability that enabled silent data leakage from ChatGPT conversations without user knowledge or consent. While the issue has since been fully resolved by OpenAI, the discovery delivers a much broader lesson for enterprises and security leaders: AI tools should not be assumed secure by default. 

Just as organizations learned not to blindly trust cloud providers, the same logic now applies to AI vendors. Native security does not equal sufficient security. AI requires an independent security layer on top. 

From Trusted Assistant to Silent Data Exposure 

The research showed that a single malicious prompt could turn an ordinary ChatGPT conversation into a covert dataexfiltration channel. Once triggered, selected content from the chat—including user messages, uploaded files, and AIgenerated summaries—could be transmitted externally without any warning or approval. 

Figure 1 – Screenshot showing blocked outbound Internet attempt from inside the container.

From the user’s point of view, nothing appeared unusual. The assistant continued responding normally. No alerts were shown. No permission dialogs appeared. Yet sensitive information was quietly leaving the environment. 

This is especially concerning given how ChatGPT is used today. Users upload customer data, financial spreadsheets, medical documents, and internal strategy materials every day—often without fully considering where that data could go or who might access it. In an AIdriven workflow, your data is only as safe as the weakest link in your AI stack. 

Why Users Expected This Couldn’t Happen 

ChatGPT was designed with safeguards intended to prevent unauthorized data sharing. From a user perspective, outbound data sharing is supposed to be restricted, transparent, and consentdriven.  

In practice, this means: 

  • The code execution and data analysis environment is designed without direct outbound internet access 
  • Web tools are constrained so sensitive chat content cannot be quietly transmitted 
  • Legitimate external data sharing—such as GPT Actions calling thirdparty APIs—requires explicit user approval, clearly showing what data will be sent and where 

The promise is simple: if data leaves ChatGPT, the user will know and approve it. The vulnerability did not break these guardrails directly. Instead, it bypassed them entirely. 

How the Vulnerability Slipped Past Existing Guardrails 

Rather than using obvious outbound channels like HTTP requests or external APIs, the attack exploited a hidden side channel inside the Linux runtime ChatGPT uses for code execution and data analysis. 

While direct internet access was blocked as intended, DNS resolution remained available as part of normal system operation. DNS is typically treated as harmless infrastructure—used to resolve domain names, not to transmit data. However, DNS can be abused as a covert transport mechanism by encoding information into domain queries. 

Because DNS activity was not classified as outbound data sharing: 

  • No approval dialogs were triggered 
  • No warnings appeared 
  • The model itself did not recognize the behaviour as risky 

This created a blind spot. The platform assumed the environment was isolated. The model assumed it was operating entirely within ChatGPT. And users assumed their data could not leave without consent. 

All three assumptions were reasonable—and all three were incomplete. This is a critical takeaway for security teams: AI guardrails often focus on policy and intent, while attackers exploit infrastructure and behaviour. 

One Prompt Was Enough 

The attack required only a single malicious prompt. From that point forward, every new message in the conversation became a potential source of leakage. Crucially, attackers did not need to steal entire documents. The prompt could instruct the model to extract and transmit only the most valuable information—summaries, conclusions, diagnoses, or strategic insights. In many cases, these AIgenerated outputs are more sensitive than the original inputs. 

This approach blended seamlessly into normal usage. Many users regularly copy prompts from blogs, forums, or social media promising productivity boosts or “hidden features.” A malicious prompt presented this way would not appear suspicious, reinforcing why AI security cannot rely on user awareness alone. 

Custom GPTs: Turning a Risk into a Scalable Threat 

The risk increased significantly when the same technique was embedded inside custom GPTs. Instead of relying on users to paste a malicious prompt, attackers could package the logic directly into a GPT’s instructions. Users simply opened the GPT and interacted with it as intended. 

In a proof of concept demonstration, researchers built a GPT acting as a personal doctor. A user uploaded lab results containing personal information and asked for guidance. The interaction appeared completely normal. When asked, the assistant confidently stated that no data had been shared externally. 

Figure 2 – ChatGPT denies external data transfer while the remote server receives extracted data.

At the same time, an attacker controlled server received the patient’s identity details and the AI generated medical assessment. This exposed a dangerous reality: AI can appear trustworthy while doing something very different under the hood. 

From Privacy Risk to Platform Risk 

The same hidden communication path could be used for more than data leakage. Researchers demonstrated that it could also enable remote command execution inside the ChatGPT runtime. By sending commands through DNS queries and receiving responses the same way, attackers could effectively establish a remote shell inside the Linux environment used for code execution—outside the model’s safety checks and invisible to the chat interface. At that point, the issue extended beyond user privacy into platform level security risk.  

Why Regulated Industries Face Compounded Risk 

For regulated industries, the implications are even more serious. A breach via an AI tool is not just a security incident—it can become: 

  • A GDPR violation 
  • A HIPAA breach 
  • A financial or regulatory compliance failure 

Healthcare, financial services, and government organizations must treat AI tools as part of their regulated environment, not as consumer apps sitting outside existing controls. CISOs cannot afford to view AI as “someone else’s risk.” 

The Fix—and the Bigger Lesson for the AI Era 

The issue was responsibly disclosed, and OpenAI confirmed it had already identified the underlying problem internally. A full fix was deployed on February 20, 2026, closing the unintended communication path. There is no indication of exploitation in the wild. 

But the lesson is larger than one vulnerability. 

AI platforms are evolving faster than most organizations can assess their risk. Securing AI is not about patching a single flaw—it requires rethinking security architecture for the AI era. This means assuming that AI systems are full computing environments and securing them accordingly, from application logic down to infrastructure behavior.  

AI companies are exceptional at building AI. They are not, by default, security first organizations. This is why independent research matters. Check Point Research’s ability to uncover this vulnerability before bad actors did is exactly the kind of oversight enterprises need. Security leaders should not rely solely on vendor assurances but engage trusted advisors who can validate, challenge, and harden AI deployments. 

While the specific DNS-based exfiltration technique used in this research has since been mitigated, the core risk remains: enterprises cannot rely solely on AI vendor security controls to protect sensitive data. Attackers can still leverage social engineering techniques such as phishing or malicious file uploads to trigger prompt injection and gain unintended access to data. This means organizations must add their own security layer.  

Check Point addresses this by securing user interactions with generative AI applications (preventing accidental prompt injection), enforcing DLP to stop sensitive data exposure, and providing network and threat prevention to detect covert or emerging exfiltration techniques. For more advanced control, organizations can route AI traffic through an AI security gateway and integrate protections such as Check Point’s Workforce AI solution and Lakera Guard, ensuring inspection, policy enforcement, and real time threat prevention.  

Together, these capabilities ensure that even if AI platforms evolve or patch specific vulnerabilities, enterprises remain protected against the broader class of AI driven attacks.