ADVERTISEMENT

ChatGPT retrieved internal company files in 42 milliseconds when asked a single question

An employee of Sola Security, a small new cybersecurity company, asked ChatGPT a single routine question about SSO configuration. But in response, the chatbot’s backend quietly retrieved hundreds of internal company files in less than a second.

company-files-chatgpt

Image by Cybernews.

Gintaras Radauskas
Gintaras Radauskas Senior Journalist
Mar 31, 2026 Updated: 2 April 2026 5 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

AI behavior you can’t see or control

“There was no breach, no attacker, and no alert. The access occurred through a standard and fully approved OAuth connection,”
Sola Security
Shadow AI
“Shadow AI” is the unmonitored use of generative AI tools. Image by Cybernews

The prompt woke up the ChatGPT backend

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
ADVERTISEMENT
A smarphone with ChatGPT app open
Image by Jakub Porzycki/NurPhoto via Getty Images

This wasn't a breach

Has my data been leaked?
Amidst all the AI hype, the fact is that the tools in most security stacks were built to watch humans, not backend AI processes.

ADVERTISEMENT