ChatGPT flaw enabled silent data exfiltration via DNS
Check Point Research described a 2026 vulnerability in ChatGPT’s code execution runtime: an attacker could use a hidden channel (including DNS) to send conversation content and uploaded files to an external server — often without a visible user action. OpenAI has since patched it.
In short: One malicious prompt could send conversation content outward — Enterprise alone is not risk-free.
Why it is not “just an OpenAI bug”
For business, employee behaviour matters more: contracts, source code, and customer data still get pasted into public chatbots. Enterprise mode reduces training-on-your-data risk but does not stop secrets entering someone else’s system.
That is why we offer AI inside your cloud — model routing and an assistant that does not leave the EU on a single click.