• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Sq Magazine LogoSQ Magazine

Smarter Insights for a Fast-Moving Digital World

  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Sq Magazine Logo
  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Home » Cybersecurity

OpenAI Fixes Major ChatGPT Data Leak and Codex Security Flaws

Published on: March 31, 2026
Sofia Ramirez
Written By
Sofia Ramirez
Sofia Ramirez
Senior Tech Writer • 473 Articles
Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps reader...
LATEST POSTS:
PamStealer Malware Verifies Stolen Mac Passwords Live
Google, FBI Disrupt NetNut Residential Proxy Network
India Drafts Stricter Rules for VPN Providers: Report
Robert A. Lee
Reviewed By
Robert A. Lee
Robert A. Lee
Senior Editor • 395 Articles
Robert A. Lee is a journalist at SQ Magazine who unpacks the fast-moving worlds of gaming and internet trends. He tracks everything from maj...
LATEST POSTS:
How UK Online Casino Regulation Compares to the Rest of Europe
Time Spent on TikTok Statistics 2026: Daily Minutes by Age
Cryptocurrency Prices for Beginners: Everything You Need to Know
Openai Fixes Chatgpt Leak And Codex Vulnerabilties
As Featured In
The New York Times LogoForbes LogoWired LogoDeloitte LogoResearch.com Logo
Share on LinkedIn ChatGPT Perplexity Share on X Share on Facebook

A newly discovered vulnerability in ChatGPT exposed how sensitive user data could be silently leaked, prompting OpenAI to roll out urgent fixes across its AI systems.

Quick Summary – TLDR:

  • ChatGPT flaw allowed hidden data exfiltration using DNS based covert channels.
  • Attackers could steal chats, files, and run remote commands without user awareness.
  • Separate Codex bug exposed GitHub tokens, risking access to private repositories.
  • OpenAI patched both issues in February 2026, with no confirmed real world exploitation.

What Happened?

Security researchers uncovered critical vulnerabilities in OpenAI systems that could have allowed attackers to extract sensitive data and compromise developer environments. The flaws impacted both ChatGPT and OpenAI Codex, highlighting growing risks in AI-driven platforms. OpenAI has since fixed both issues following responsible disclosure.

Security researchers found a serious flaw in ChatGPT that let attackers silently steal conversation data, uploaded files, and other sensitive content without triggering any warning. The flaw worked by hiding data inside routine network requests that ChatGPT’s safety systems did…

— Cyber News Live (@cybernewslive) March 31, 2026

A Hidden Channel That Bypassed AI Safeguards

The most concerning issue affected ChatGPT’s code execution environment, where researchers found a way to bypass built in protections using a covert DNS based communication channel.

Normally, ChatGPT blocks direct outbound internet access and requires user approval for data sharing. However, researchers discovered that the system still allowed DNS requests, which attackers exploited as a hidden pathway.

By crafting a malicious prompt, attackers could trick the AI into encoding sensitive information such as:

  • User conversations
  • Uploaded files
  • Confidential inputs

This data was then broken into small fragments and sent out through DNS queries to attacker controlled servers, all without triggering any warnings.

What makes this especially dangerous is how invisible the attack was. The system treated DNS traffic as normal infrastructure activity, meaning:

  • No alerts were shown to users.
  • No consent was required.
  • The data transfer remained completely hidden.

Researchers explained, “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content.”

From Data Theft to Remote Control

The vulnerability went beyond just data leakage. Because the DNS channel worked both ways, attackers could also send commands back into the system.

This effectively allowed:

  • Remote shell access inside ChatGPT’s Linux runtime.
  • Execution of arbitrary commands.
  • Full control outside standard AI guardrails.

Attackers could distribute these exploits in two main ways:

  • Disguising malicious prompts as productivity hacks or jailbreak tricks.
  • Embedding harmful logic directly into custom GPTs.

This meant even cautious users could be exposed without realizing it.

Newsletter
Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.

Codex Flaw Put Developer Data at Risk

Alongside the ChatGPT issue, a separate vulnerability was found in OpenAI Codex, the company’s AI powered coding agent used widely in developer workflows.

The flaw involved a command injection vulnerability in how Codex handled GitHub branch names.

Attackers could:

  • Inject malicious commands through crafted branch names.
  • Execute those commands inside Codex containers.
  • Steal GitHub access tokens used for authentication.

These tokens could then grant:

  • Read and write access to private repositories.
  • Lateral movement across codebases.
  • Potential compromise of entire development environments.

Given Codex’s deep integration with GitHub and enterprise workflows, the impact could have been severe if exploited.

Why This Matters for AI Security?

These vulnerabilities highlight a bigger issue. AI tools are no longer just assistants, they are becoming full computing environments handling sensitive data.

As adoption grows across enterprises, the risks expand as well:

  • AI systems now interact with files, APIs, and internal tools.
  • Hidden attack surfaces like side channels can bypass traditional defenses.
  • Prompt-based attacks and injection techniques are becoming more sophisticated.

Security experts warn that relying only on built in protections is not enough. Organizations need:

  • Independent monitoring layers
  • Stronger input validation
  • Zero trust approaches for AI systems

OpenAI’s Response and Fixes

OpenAI addressed the Codex vulnerability on February 5, 2026, and patched the ChatGPT data leak issue on February 20, 2026.

Importantly:

  • There is no evidence of active exploitation.
  • Fixes were deployed after responsible disclosure.
  • The company continues to strengthen its AI security framework.

Still, the incident adds to a growing list of concerns around:

  • Prompt injection attacks.
  • Data leakage risks.
  • Unauthorized access through AI tools.

SQ Magazine’s Takeaway

I think this is a wake up call for everyone using AI tools daily. We often assume these systems are safe because they feel controlled, but this story proves that hidden layers can behave very differently.

What really stands out to me is how simple the attack could be. Just one malicious prompt or a backdoored GPT could quietly expose sensitive data. That is not a complex hack, that is something any user could unknowingly trigger.

As AI becomes part of everyday work, especially in companies, security cannot be an afterthought. It has to be built around the system, not just inside it.

This article has been reviewed and fact-checked by Robert A. Lee. SQ Magazine follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content.

Add SQ Magazine as a Preferred Source on Google for updates! Follow on Google News
Share ChatGPT Perplexity
Sofia Ramirez

Sofia Ramirez

Senior Tech Writer


Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps readers stay informed and secure in today’s fast-changing tech landscape. Passionate about making cybersecurity accessible, Sofia blends research-driven analysis with straightforward explanations; so whether you’re a tech professional or a curious reader, her work ensures you’re always one step ahead in the digital world.

Related Posts

Openai Atlas Browser Vulnerability
Cybersecurity

Atlas Browser by OpenAI Exposes Users to Major Security Risks

Openai And 1password Partner
Artificial Intelligence

OpenAI and 1Password Team Up to Secure AI Coding Agent Codex

Chatgpt Misused For Surveillance And Phishing
Artificial Intelligence

ChatGPT Misused for Surveillance and Phishing: OpenAI Cracks Down

Disclaimer: The content published on SQ Magazine is for informational and educational purposes only. Please verify details independently before making any important decisions based on our content.

Reader Interactions

Leave a Comment Cancel reply

Primary Sidebar

Connect With Us

facebook x linkedin google-news telegram pinterest whatsapp email
google-preferred-source-badge Add as a preferred source on Google

You Should Also Read

OpenAI Rolls Out ChatGPT Lockdown Mode to Block Data Theft
GitHub Copilot’s Prompt Injection Flaw Sparks Security Concerns
ChatGPT Down Globally as OpenAI Investigates Outage

Table of Contents

  • Quick Summary – TLDR:
  • What Happened?
  • A Hidden Channel That Bypassed AI Safeguards
  • From Data Theft to Remote Control
  • Codex Flaw Put Developer Data at Risk
  • Why This Matters for AI Security?
  • OpenAI’s Response and Fixes
  • SQ Magazine’s Takeaway
Connect on Telegram

Footer

SQ Magazine Logo

Smarter Insights for a Fast-Moving Digital World

Connect With Us

Follow Us on Google News

Editorial & Trust

  • About
  • Publishing Principles
  • Fact-Check Policy
  • Corrections Policy
  • Ethics Policy
  • Disclaimer

Worth Checking

  • Social Media Attention Span Stats
  • Gen Z Social Media Statistics
  • TikTok vs. Instagram Statistics
  • LLM Hallucination Statistics
  • Spotify User Statistics
  • Apple Customer Loyalty Statistics
Contact Us
13570 Grove Dr #189,
Maple Grove, MN 55311,
United States
10 a.m. to 6 p.m. | Every day

Copyright © 2022–2026 SQ Magazine. All Rights Reserved. Powered by the Neural Stack.

  • Privacy Policy
  • Terms
  • Accessibility Statement
Company
  • About Us
  • Our Team
  • Our Mission
  • Core Values
Discover
  • Brand Assets
    Brand Assets
  • Stats Methodology
    Stats Research Process
  • Glossary
    Glossary
Categories
  • Internet
  • Technology
  • Artificial Intelligence
  • Gaming
  • Cybersecurity
Internet
Time Spent on TikTok Statistics
Time Spent on TikTok Statistics 2026: Daily Minutes by Age
Google Workspace Statistics
Google Workspace Statistics 2026: Users, Market Share and AI
YouTube vs TikTok Statistics
YouTube vs TikTok Statistics 2026: Users, Revenue, Creator Economy
Internet Outage Statistics
Internet Outage Statistics 2026: Frequency, Cost and Causes
Upwork Statistics
Upwork Statistics 2026: Revenue, GSV, AI Work
Instagram Reels Statistics
Instagram Reels Statistics 2026: Plays and Engagement
Technology
Google Cloud Platform Statistics
Google Cloud Platform Statistics 2026: Market Growth
Asana Statistics
Asana Statistics 2026: Revenue, Customers, AI ARR and Market Share
AWS Statistics
AWS Statistics 2026: Revenue, Market Share and AI Growth
Adobe Creative Cloud Statistics
Adobe Creative Cloud Statistics 2026: Subscribers, Revenue and Market Share
Adobe Statistics
Adobe Statistics 2026: Revenue, ARR, and Workforce Data
Employee Productivity Statistics
Employee Productivity Statistics 2026: Engagement, Costs & Trends
Artificial Intelligence
Grammarly AI Statistics
Grammarly AI Statistics 2026: Users, Revenue, Funding, Rebrand
Copilot Statistics
Copilot Statistics 2026: Users, Adoption, Revenue and Market Share
AI Image Generation Statistics
AI Image Generation Statistics 2026: Market Size, Adoption & Risks
Machine Learning Adoption
Machine Learning Adoption in 2026: What Businesses Need to Know
AI Influencer Marketing Statistics
AI Influencer Marketing Statistics: Market Size and Engagement
AI Market Statistics
AI Market Statistics 2026: Size, Growth & Investment
Gaming
Online Gambling Regulations Statistics
Online Gambling Regulations Statistics 2026: Global Compliance and Enforcement Data
Fantasy Sports Statistics
Fantasy Sports Statistics 2026: Users, Revenue & Trends
Apex Legends Statistics
Apex Legends Statistics 2026: Players, Revenue, and Esports
Fortnite Statistics
Fortnite Statistics 2026: Players, Revenue, Esports, and Engagement
Gamers Statistics
Gamers Statistics 2026: Players, Habits & Global Data
Minecraft Statistics
Minecraft Statistics 2026: 300 Million Copies Sold & 212M Monthly Players
Cybersecurity
Password Statistics
Password Statistics 2026: Credential Theft, MFA, and the Passkey Tipping Point
Identity Theft Statistics
Identity Theft Statistics 2026: Key Fraud Data and Trends
CVE Statistics
CVE Statistics 2026: Severity Distribution and Top Affected Vendors
Dark Web AI Tool Marketplace Statistics
Dark Web AI Tool Marketplace Statistics 2026: Explosive Market Growth
API Security Breach Statistics
API Security Breach Statistics 2026: Hidden Threats
AI Voice Cloning Fraud Statistics
AI Voice Cloning Fraud Statistics 2026: Alarming Trends You Must Know Now
Categories
  • Cybersecurity
  • Artificial Intelligence
  • Internet
  • Technology
  • Gaming
Cybersecurity
Pamstealer Macos Malware Exposed
PamStealer Malware Verifies Stolen Mac Passwords Live
Google Fbi Disrupt Netnut Residential Proxy Network
Google, FBI Disrupt NetNut Residential Proxy Network
India Drafts Stricter Rules For Vpn Providers
India Drafts Stricter Rules for VPN Providers: Report
Cisco Confirms Active Exploits Of Unified Cm Flaw
Cisco Confirms Active Exploits of Unified CM Flaw
Medtronic Confirms Shinyhunters Data Breach
Medtronic Notifies Patients of ShinyHunters Data Breach
India Orders Whatsapp To Pause Username Rollout
India Orders WhatsApp to Pause Username Rollout
Artificial Intelligence
Microsoft Launches Frontier Company
Microsoft Launches Frontier Company With $2.5B Bet
Openai Proposes 5 U S Government Equity Stake
OpenAI Proposes 5% U.S. Government Equity Stake
Meta Plans Cloud Business To Sell Excess Ai Compute
Meta Plans Cloud Business to Sell Excess AI Compute
Anthropic Receives Green Signal For Fable 5 And Mythos Release
Anthropic Restores Claude Fable 5 After Export Ban Lifts
Anthropic Unveils Claude Science
Anthropic Unveils Claude Science to Transform Research
Wimbledon Adopts Ibm Ai Tools
Wimbledon Debuts Advanced AI Match Features Powered by IBM
Internet
Whatsapp Launches Username Reservation Feature
WhatsApp Opens Username Reservations for Its 3 Billion Users
Chrome 149 Update Fixes Serious Vulnerabilities
Google Chrome 149 Fixes 18 Serious Security Flaws
Meta Hands Whatsapp Reins To Cred Founder Kunal Shah
Meta Hands WhatsApp Reins to CRED Founder Kunal Shah
Major X Outage Disrupts Users Worldwide
Major X Outage Disrupts Users Worldwide, Service Restored
Meta Adds 13 Plus Age Verification For Teen Safety
Meta Adds 13+ Content Settings and AI Age Checks for Teens
Telegram Restricted In India Temporarily
Telegram Restricted in India as NEET Fraud Crackdown Grows
Technology
Chrome Update Fixes 382 Vulnerabilities
Chrome 150 Patches 382 Security Fixes, 15 Critical
Apple Leak Reveals Six New Iphones For 2027
Massive Apple Leak Reveals Six New iPhones for 2027
Google Finance Comes Out Of Beta With Android App
Google Finance Gets Major AI Upgrade and New Android App
Windows Recycle Bin Bug Confirmed After June Security Update
Windows Recycle Bin Bug Confirmed After June Security Update
Apple Urgently Fixes Beats Studio Buds Bug
Apple Urgently Fixes Beats Studio Buds Bug That Enabled Spying
Google Launches Android 17 With Gemini And Advanced Security
Android 17 Is Here With Powerful AI Features and Security Boosts
Gaming
Gta Vi Official Cover Art
GTA 6 Pre-Orders Start June 25, New Cover Art Unveiled
Epic Games Teases Unreal Engine 6 For Rocket League
Epic Games Teases Unreal Engine 6 for Rocket League
Stardew Valley Launched For Nintendo Switch 2 Edition
Stardew Valley Switch 2 Edition Arrives with Online Co-op
Hogwarts Legacy Game Crosses 40m Downloads
Hogwarts Legacy Crosses 40M Sales, Beating Industry Giants
Pubg Black Budget Closed Alpha Launched
PUBG: Black Budget Launches Closed Alpha Test With a Bold PvPvE Twist
Counter Strike 2 Skin Market Crashes After Valve Update
Counter-Strike 2’s $5.9 Billion Skin Economy Just Got Shattered
Newsletter

Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.

Newsletter

Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.