All news with #chatgpt tag

86 articles · page 4 of 5

Atlas Browser Flaw Lets Attackers Poison ChatGPT Memory

⚠️ Researchers at LayerX Security disclosed a vulnerability in OpenAI’s Atlas browser that allows attackers to inject hidden instructions into a user’s ChatGPT memory via a CSRF-style flow. An attacker lures a logged-in user to a malicious page, leverages existing authentication, and taints the account-level memory so subsequent prompts can trigger malicious behavior. LayerX reported the issue to OpenAI and advised enterprises to restrict Atlas use and monitor AI-driven anomalies. Detection relies on behavioral indicators rather than traditional malware artifacts.

ChatGPT Atlas 'Tainted Memories' CSRF Risk Exposes Accounts

⚠️ Researchers disclosed a CSRF-based vulnerability in ChatGPT Atlas that can inject malicious instructions into the assistant's persistent memory, potentially enabling arbitrary code execution, account takeover, or malware deployment. LayerX warns that corrupted memories persist across devices and sessions until manually deleted and that Atlas' anti-phishing defenses lag mainstream browsers. The flaw converts a convenience feature into a persistent attack vector that can be invoked during normal prompts.

ChatGPT privacy and security: data control guide 2025

🔒 This article examines what ChatGPT collects, how OpenAI processes and stores user data, and the controls available to limit use for model training. It outlines region-specific policies (EEA/UK/Switzerland vs rest of world), the types of data gathered — from account and device details to prompts and uploads — and explains memory, Temporary Chats, connectors and app integrations. Practical steps cover disabling training, deleting memories and chats, managing connectors and Work with Apps, and securing accounts with strong passwords and multi-factor authentication.

OpenAI Confirms GPT-6 Not Shipping in 2025; GPT-5 May Evolve

🤖 OpenAI says GPT-6 will not ship in 2025 but continues to iterate on its existing models. The company currently defaults to GPT-5 Auto, which dynamically routes queries between more deliberative reasoning models and the faster GPT-5-instant variant. OpenAI has issued multiple updates to GPT-5 since launch. After viral analyst claims that GPT-6 would arrive by year-end, a pseudonymous OpenAI employee and company representatives denied those reports, leaving room for interim updates such as a potential GPT-5.5.

Beyond Bans: Guiding Teens in Their Digital Lives Effectively

📱 Stephen Balkam of FOSI argues that instead of blanket bans, families benefit from thoughtful restrictions, ongoing dialogue and tools that preserve teen agency. He highlights solutions such as Family Link and YouTube’s supervised experience and proposes that AI assistants (for example, Gemini or ChatGPT) could configure age-, app- and device-specific controls. He urges coordinated action from policymakers, teachers and parents and calls for impartial digital literacy and AI education frameworks.

ChatGPT Pulse Heading to Web; Pro-only for Now, Plus TBD

🤖 ChatGPT Pulse is being prepared for the web after a mobile rollout that began on September 25, but OpenAI currently restricts the feature to its $200 Pro subscription. Pulse provides personalized daily updates presented as visual cards, drawing on your chats, feedback and connected apps such as calendars. OpenAI says it will learn from early usage before expanding availability and has given no firm timeline for Plus or free-tier rollout.

OpenAI Tests ChatGPT-Powered Agent Builder Tool Preview

🧭 OpenAI is testing a visual Agent Builder that lets users assemble ChatGPT-powered agents by dropping and connecting node blocks in a flowchart. Templates like Customer service, Data enrichment, and Document comparison provide editable starting points, while users can also create flows from scratch. Agents are configurable with model choice, custom prompts, reasoning effort, and output format (text or JSON), and they can call tools and external services. Reported screenshots show support for MCP connectors such as Gmail, Calendar, Drive, Outlook, SharePoint, Teams, and Dropbox; OpenAI plans to share more details at DevDay.

ChatGPT Leak Reveals Direct Messaging and Profiles

🤖 OpenAI is testing social features in ChatGPT, with leaked code showing support for direct messages, usernames, and profile images. References discovered in an Android beta (version 1.2025.273) and linked traces to Sora 2 indicate the company may be rolling out social tools beyond its video feed app. The code, codenamed Calpico and Calpico Rooms, also mentions join/leave notifications and push alerts for messages.

OpenAI Trials Free ChatGPT Plus and Expands $4 GPT Go

🔔 OpenAI is testing a limited free trial for ChatGPT Plus while expanding its lower-cost $4 GPT Go plan to Indonesia after an initial launch in India. Some existing users see a “start free trial” prompt on the ChatGPT pricing page, though new accounts may be excluded to limit abuse. The $4 option and the $20 Plus tier both provide access to GPT-5 with differing levels of memory, image creation, and research capabilities, and a $200 Pro tier targets heavier professional use.

The AI Fix Episode 69: Oddities, AI Songs and Risks

🎧 In episode 69 of The AI Fix, Graham Cluley and Mark Stockley mix lighthearted oddities with substantive AI developments. The hosts discuss viral “brain rot” videos, an AI‑generated J‑Pop song, Norway’s experiment trusting $1.9 trillion to an AI investor, and Florida’s use of robotic rabbits to deter Burmese pythons. The show also highlights its first AI feedback, a merch sighting, and data on ChatGPT adoption, while reflecting on uneven geographic and enterprise AI uptake and recent academic research.

ShadowLeak: Zero-click flaw exposes Gmail via ChatGPT

🔓 Radware disclosed ShadowLeak, a zero-click vulnerability in OpenAI's ChatGPT Deep Research agent that can exfiltrate sensitive Gmail inbox data when a single crafted email is present. The technique hides indirect prompt injections in email HTML using tiny fonts, white-on-white text and CSS/layout tricks so a human user is unlikely to notice the commands while the agent reads and follows them. In Radware's proof-of-concept the agent, once granted Gmail integration, parses the hidden instructions and uses browser tools to send extracted data to an external server. OpenAI addressed the issue in early August after a responsible disclosure on June 18, and Radware warned the approach could extend to many other connectors, expanding the attack surface.

OpenAI's $4 GPT Go Plan Poised to Expand Regions Soon

🚀 OpenAI has started expanding its $4 GPT Go plan beyond India, rolling out nudges to free-account users in Indonesia and India and signaling broader regional availability in the coming weeks. Product pages already list pricing in USD, EUR and GBP, suggesting a possible U.S. launch. GPT Go grants access to GPT-5, expanded messaging and uploads, faster image creation, longer memory and limited deep research; GPT Plus ($20) and Pro ($200) tiers provide increasingly advanced capabilities and higher limits.

OpenAI enhances ChatGPT Search to rival Google AI results

🔎 OpenAI has rolled out an update to ChatGPT Search that improves accuracy, reliability, and link summarization to reduce hallucinations and make answers easier to verify. The search now better detects shopping intent, surfacing products when appropriate while keeping results focused for other queries, and it improves link summaries so users can follow back to sources. Answers are reformatted for quicker comprehension without sacrificing detail. OpenAI also added a GPT-5 Thinking toggle with adjustable 'juice' effort levels; the changes are rolling out gradually.

OpenAI adds user control over GPT-5 Thinking model options

⚙️ OpenAI is rolling out a toggle that lets Plus, Pro, and Business subscribers choose how much "thinking" the GPT-5 Thinking model performs, trading off speed, cost, and depth. The simpler toggle UI replaces a tested slider and exposes internal "juice" effort levels — for example, Standard (juice=18) and Extended (64). Pro users also get Light (5) for very fast replies and Heavy (200) for the model's maximum reasoning depth.

ShadowLeak: AI agents can exfiltrate data undetected

⚠️ Researchers at Radware disclosed a vulnerability called ShadowLeak in the Deep Research module of ChatGPT that lets hidden, attacker-crafted instructions embedded in emails coerce an AI agent to exfiltrate sensitive data. The indirect prompt-injection technique hides commands using tiny fonts, white-on-white text or metadata and instructs the agent to encode and transmit results (for example, Base64-encoded lists of names and credit cards) to an attacker-controlled URL. Radware says the key risk is that exfiltration can occur from the model’s cloud backend, making detection by the affected organization very difficult; OpenAI was notified and implemented a fix, and Radware found the patch effective in subsequent tests.

OpenAI Launches GPT-5 Codex Model for Coding, Broad Rollout

🤖 OpenAI is deploying a specialized GPT-5 Codex model across its Codex instances, including Terminal, IDE extensions, and Codex Web. The agent automates coding tasks so users — even those without programming experience — can generate and execute code and accelerate app development. OpenAI reported strong benchmark gains and says the staged rollout will reach all users in the coming days.

Kimsuky Uses AI to Forge South Korean Military ID Images

🛡️ Researchers at Genians say North Korea’s Kimsuky group used ChatGPT to generate fake South Korean military ID images as part of a targeted spear-phishing campaign aimed at inducing victims to click a malicious link. The emails impersonated a defense-related institution and attached PNG samples later identified as deepfakes with a 98% probability. A bundled file, LhUdPC3G.bat, executed malware that enabled data theft and remote control. Primary targets included researchers, human-rights activists and journalists focused on North Korea.

Five AI Use Cases CISOs Should Prioritize in 2025 and Beyond

🔒 Security leaders are balancing safe AI adoption with operational gains and focusing on five practical use cases where AI can improve security outcomes. Organizations are connecting LLMs to internal telemetry via standards like MCP, using agents and models such as Claude, Gemini and GPT-4o to automate threat hunting, translate technical metrics for executives, assess vendor and internal risk, and streamline Tier‑1 SOC work. Early deployments report time savings, clearer executive reporting and reduced analyst fatigue, but require robust guardrails, validation and feedback loops to ensure accuracy and trust.

ChatGPT makes Projects free, adds chat-branching toggle

🔁 OpenAI is rolling out two notable updates to ChatGPT: the Projects feature is now available to all users for free, and a new Branch in new chat toggle lets you split and continue conversations from a chosen message. Projects create independent workspaces that organize chats, files, and custom instructions with separate memory, context, and tools. The branching option spawns a new conversation that includes everything up to the split point, helping manage divergent topics and streamline brainstorming. Both changes aim to improve organization and continuity for repeated or evolving work.

How the Generative AI Boom Opens Privacy and Cyber Risks

🔒 The rapid adoption of generative AI is prompting significant privacy and security concerns as vendors revise terms to use user data for model training. High-profile pushback — exemplified by WeTransfer’s reversal — revealed how unclear terms and live experimentation can expose corporate and personal information. Employees using consumer tools like ChatGPT for work tasks risk leaking secrets, and platforms such as Slack are explicitly reserving rights to leverage customer data. CISOs must balance strategic AI adoption with heightened compliance, governance and operational risk.