The Autonomy Review

Your Agent's DNS Is Leaking, and the First Interactive Benchmark Scores AI at 0.26%

OpenAI Patches Two Critical Agent Security Flaws

Check Point Research disclosed a DNS-based data exfiltration channel in ChatGPT's code execution runtime. The attack used DNS tunneling to bypass the sandbox's network isolation: conversation data, uploaded files, and model-generated summaries could be encoded into subdomain labels and silently transmitted to an attacker-controlled server. No user approval was triggered. A proof-of-concept GPT posing as a personal doctor exfiltrated patient identity and medical assessments without any visible warning. The same channel enabled remote shell access inside the Linux container. OpenAI confirmed it had independently identified the issue and deployed a fix on February 20, 2026. Check Point publicly disclosed the vulnerability on March 30.
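A defender-side view of the channel described above, as an added example that is not code from Check Point, OpenAI, or this newsletter: a heuristic that groups resolver log entries by client and parent domain and flags many distinct, long, high-entropy leftmost labels. The thresholds, the sample log, and the two-label parent-domain shortcut are assumptions for illustration; a production version would use the Public Suffix List and tuned baselines.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds; tune against your own resolver baseline.
MIN_UNIQUE = 5         # distinct subdomains per (client, parent domain)
MIN_AVG_LEN = 24       # mean length of the leftmost label
MIN_AVG_ENTROPY = 3.0  # mean Shannon entropy (bits/char) of that label

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname, keep=2):
    """Split a query name into (subdomain, parent). Naive: parent = last 2 labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])

def find_tunnel_candidates(queries):
    """queries: iterable of (client_ip, qname). Returns flagged groups."""
    groups = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        if sub:
            groups[(client, parent)].add(sub)
    findings = []
    for (client, parent), subs in sorted(groups.items()):
        first = [s.split(".")[0] for s in subs]  # label that would carry payload
        avg_len = sum(map(len, first)) / len(first)
        avg_ent = sum(map(entropy, first)) / len(first)
        if (len(subs) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN
                and avg_ent >= MIN_AVG_ENTROPY):
            findings.append({"client": client, "parent": parent,
                             "unique": len(subs), "avg_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)})
    return findings

def sample_queries():
    """Constructed resolver log using reserved example domains; not real traffic."""
    q = [("10.0.0.5", f"{h}.example.com")
         for h in ("www", "api", "cdn", "mail", "static", "img")]
    # One long hashed asset hostname: long label, but a single name, so not flagged.
    q.append(("10.0.0.5", "d41d8cd98f00b204e9800998ecf8427e.assets.example.org"))
    # Many distinct 40-character labels under one parent: the pattern of interest.
    q += [("10.0.0.9", hashlib.sha256(b"chunk%d" % i).hexdigest()[:40] + ".t.example.net")
          for i in range(8)]
    return q

if __name__ == "__main__":
    for finding in find_tunnel_candidates(sample_queries()):
        print(finding)
```

Requiring all three signals together keeps ordinary browsing (many short names) and single hashed CDN hostnames out of the results.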

Separately, BeyondTrust's Phantom Labs reported a command injection vulnerability in OpenAI Codex. The flaw resided in how Codex processed branch names during task creation: a manipulated branch parameter could inject arbitrary shell commands, extracting the short-lived GitHub OAuth token used for repository access. The attack scaled because malicious payloads embedded in branch names could compromise any user interacting with the same project. OpenAI has since patched the issue with improved input validation and tighter token scoping.

Both vulnerabilities share a pattern worth watching: agent runtimes that assume their execution environments are isolated, when in practice the isolation has seams. As agent platforms gain access to more credentials and sensitive data, every infrastructure layer, including DNS resolution and branch name parsing, becomes an attack surface. (Check Point Research, SiliconANGLE, The Hacker News)