Cybersecurity Professional Tests GPT-5.4, Reveals Sensitive Data with Simple Questions

A cybersecurity professional tested GPT-5.4 using a honeypot AI assistant with fake sensitive data (infrastructure details, PII, financial records, and credentials). Ten casual, non-exploitative questions—such as inquiries about network topology, SSH keys, and financial integrations—resulted in full data exposure, including 38 categories of sensitive information. GPT-5.4 provided more detailed responses than GPT-4o, with no hesitation or pushback, while Claude Opus 4.6 blocked all similar attempts. The test was conducted via separate API calls with fresh context for each question.