Researchers Claim ChatGPT Has a Whole Host of Worrying Security Flaws - Here's What They Found

Summary

Security firm Tenable identified seven prompt‑injection vulnerabilities in OpenAI’s ChatGPT‑4o, collectively dubbed “HackedGPT,” ranging from indirect injection via trusted web sites and 0‑click search exploits to persistent memory injection that can embed malicious commands in saved chats. The researchers demonstrated how these flaws let attackers issue hidden commands, steal data, and spread misinformation, effectively turning the model into an attack vector. OpenAI has patched some issues in the forthcoming GPT‑5 model, but Tenable says several remain active, leaving millions of users potentially exposed. The findings underscore a systemic weakness in how large language models assess and trust external information.