TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Check Point researchers discovered a data exfiltration vulnerability in ChatGPT that allowed a single malicious prompt to leak sensitive information via a DNS side channel, bypassing OpenAI's outbound network controls. The flaw exploited the fact that ChatGPT's code execution environment blocked direct web traffic but had no controls on DNS queries. Three proof-of-concept attacks were demonstrated, including one involving a third-party GPT health analyst app that silently transmitted uploaded personal data to an attacker-controlled server while ChatGPT falsely denied any data transfer. OpenAI patched the issue on February 20, 2026. The vulnerability has significant implications for regulated industries, potentially constituting GDPR, HIPAA, or financial compliance violations.

OpenAI ChatGPT fixes DNS data smuggling flaw