The Weekly Breach Breakdown Podcast: A(I) House of Cards – ChatGPT Issues Impact Users - S6E36

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC’s) Weekly Breach Breakdown for November 21, 2025. I'm Alex Achten, Senior Director of Communications & Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to discuss A(I) house of cards. Get it? We will focus on some ChatGPT security issues that leave users vulnerable.

A house of cards can look super cool when constructed well! However, while they may appear majestic to the eye as they tower higher and higher, they can also become unstable and collapse. I am not here to declare that artificial intelligence (AI) will come crumbling down like a house of cards. However, reports suggest that the rapid development and deployment of AI may have created data security and privacy risks for those who use it.

According to Dark Reading, researchers have uncovered multiple weaknesses in OpenAI’s ChatGPT that could allow an attacker to exfiltrate sensitive and private information from a user’s chat history and stored memories. The seven ChatGPT security issues identified stem primarily from how ChatGPT and its helper model, SearchGPT, behave when browsing or searching the Web in response to user queries. Attackers can manipulate the chatbot’s behavior in different ways without the user’s knowledge. 

Researchers at Tenable discovered the flaws and reported that they leave millions of ChatGPT users potentially vulnerable to attacks. In one instance of a ChatGPT security issue, researchers demonstrated how an adversary could inject malicious instructions into a trusted Web page. If a user later asked ChatGPT to summarize the contents of that page, the chatbot's Web browsing component would follow the malicious instructions.

The most concerning ChatGPT security flaw that Tenable discovered was a zero-click vulnerability: asking ChatGPT a benign question could trigger an attack if the search results include a poisoned website. 

Dark Reading states that OpenAI acknowledged receiving Tenable's vulnerability disclosures, but it is unclear if the company has made any changes. Unfortunately, we do not have time to go over all seven ChatGPT security flaws here. However, you can click on the Dark Reading article to read about all of them.

Tenable's discovery adds to a growing body of research exposing security weaknesses in large language models (LLMs) and AI chatbots. Since ChatGPT's public debut in 2022, researchers have repeatedly demonstrated how prompt injection attacks, data leakage vulnerabilities and jailbreaking techniques can compromise these systems in ways fundamentally different from traditional software vulnerabilities, and how they are a lot harder to mitigate. 

The new research on ChatGPT security flaws is another reminder of the need for caution for enterprises integrating LLMs and chatbots into their workflows without giving much thought to the potential security implications. 

As for what you can do, avoid inputting sensitive or confidential information into the chat interface. Also, check your privacy settings to ensure they are as secure as possible and remain vigilant against cyber threats. Don’t let an A(I) house of cards come crashing down on you. 

If you want to know more about how to protect your business or personal information or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. 

We will be taking next week off for the Thanksgiving holiday. However, we will return in two weeks with our final episode of the Weekly Breach Breakdown for 2025. I’m Alex Achten. Until then, thanks for listening.