OpenAI – vulnerability responsible disclosure


What happened? On 29 May 2025 I privately reported a vulnerability to the OpenAI disclosure mailbox using an encrypted email. The flaw allows peeking at chat responses intended for other users. This content may contain personal data, confidential business plans, or proprietary code. OpenAI …

OpenAI acknowledged receipt with an automated reply, but I haven't received a human follow-up (as of the 16th of July), and the issue remains unpatched. When you submit through their portal, you're required to agree not to share any information about the issue you found - essentially a blanket non-disclosure that prevents researchers from discussing their findings publicly, even after remediation. This approach seems misaligned with the broader security community's values and contrasts sharply with companies like Google, who encourage responsible disclosure and allow researchers to publish details after fixes are deployed.
