Seven critical flaws in ChatGPT-4o and ChatGPT-5 let hackers steal data and hijack sessions with minimal user interaction, some still unpatched.
Tenable researchers have uncovered seven critical vulnerabilities in OpenAI’s ChatGPT-4o and ChatGPT-5, collectively named "HackedGPT," enabling attackers to steal data and hijack sessions via indirect prompt injection.
Exploits can occur with zero or one user click, using malicious links or hidden code in web content, and include persistent memory injection that retains harmful commands across sessions.
Some flaws remain unpatched, particularly in ChatGPT-5, allowing ongoing data leaks and safety bypasses.
Researchers warn organizations to treat AI systems as active attack surfaces and implement strict controls, isolation, and monitoring.