// OpenaiMEDIUM
Security researcher zer0dac disclosed a vulnerability chain in ChatGPT combining a guardrail bypass with path traversal in the file download mechanism, potentially allowing access to restricted system files. The vulnerability exploited inconsistent path normalization and social engineering of the LLM to bypass deletion policies. OpenAI remediated the issue by redesigning the URL download flow, with practical impact limited by sandboxing but highlighting a critical vulnerability class in AI-generated backend endpoints.
// Get alerts for Openai