OpenAI’s API log viewer is vulnerable to a data exfiltration attack, exposing apps and agents that use OpenAI APIs, even if developers (and Agent Builder users) leverage all available defenses. The vulnerability was disclosed to OpenAI, but was closed with the status 'Not applicable' after 4 follow-ups.

UPDATE Jan 8th: It seems our initial disclosure was triaged by the HackerOne team before it reached the Notion team. Once Notion was aware of this, they took immediate action to validate the vulnerability, and have confirmed that the remediation is now in production! Notion AI was susceptible to data exfiltration via indirect prompt injection due to a vulnerability in which AI document edits are saved before user approval.