What happened
Security researchers at Tenable disclosed seven vulnerabilities in ChatGPT, specifically in the GPT-4o and GPT-5 models developed by OpenAI. These flaws enable attackers to employ indirect and “zero-click” prompt injection techniques, manipulating the AI chatbot into disclosing private user data, such as chat history or memory.
Who is affected
Any organization or individual using ChatGPT or similar large language model (LLM) services in environments where users’ chat histories, memory features, or browsing-enabled features are enabled is at risk. The vulnerabilities span how the chatbot handles web content, user-supplied links, and trusted domains, so both consumer and enterprise deployments of ChatGPT (and derivative tools) are within scope.
Why CISOs should care
- These vulnerabilities demonstrate that AI/LLM services are not immune to data-exfiltration risks and expand the threat surface for the enterprise.
- As enterprises increasingly integrate ChatGPT-style tools into their workflows (for example, in support, summarization, or agent assistants), these flaws could lead to the unauthorized disclosure of internal data.
- The fact that untrusted content can exploit one-click or zero-click injection flaws means even users who don’t knowingly “interact” with malicious prompts may be exposed.
- There is a broader implication: Relying on LLMs without robust oversight or control can undermine trust, compliance, and data governance frameworks.
3 Practical actions for CISOs
- Review and restrict LLM usage: Audit where ChatGPT or similar LLM services are used in your organisation. Disable features like “memory”, user browsing, or summarisation of external web links unless explicitly approved.
- Implement usage controls and monitoring: Establish policies limiting LLM input to vetted/known content, enforce safe-domain whitelists, and monitor for anomalous output that may indicate injection or exfiltration attempts.
- Work with vendors and prompt-harden your models: Engage with your LLM vendor (in this case, OpenAI) to ensure patches/remediations are applied, and implement internal prompt-hardening practices (e.g., sanitizing links, verifying context, isolating agentic behavior) so that the AI cannot be steered via malicious prompts.