INC-25-0005 confirmed medium Near Miss ChatGPT Jailbreak Reveals Windows Product Keys via Game Prompt (2025)
OpenAI developed and deployed ChatGPT for Windows (desktop application), harming Microsoft, whose product keys were exposed, Wells Fargo (exposed credentials), and ChatGPT desktop application users ; contributing factors included prompt injection vulnerability and inadequate access controls.
Incident Details
| Date Occurred | 2025-07 | Severity | medium |
| Evidence Level | corroborated | Impact Level | Organization |
| Failure Stage | Near Miss | ||
| Domain | Security & Cyber | ||
| Primary Pattern | PAT-SEC-001 Adversarial Evasion | ||
| Secondary Patterns | PAT-SEC-007 Jailbreak & Guardrail Bypass |, PAT-SEC-005 Model Inversion & Data Extraction | ||
| Regions | global | ||
| Sectors | Corporate | ||
| Affected Groups | Developers & AI Builders | ||
| Exposure Pathways | Direct Interaction | ||
| Causal Factors | Prompt Injection Vulnerability, Inadequate Access Controls | ||
| Assets & Technologies | Large Language Models | ||
| Entities | OpenAI(developer, deployer), ·Microsoft(victim), ·Wells Fargo(victim) | ||
| Harm Types | financial, operational | ||
A jailbreak technique for ChatGPT on Windows allowed users to extract stored application credentials and product keys from the local system by bypassing the model's safety restrictions through prompt manipulation.
Incident Summary
In July 2025, security researcher Marco Figueroa of the 0DIN GenAI Bug Bounty program demonstrated a multi-stage jailbreak technique that caused OpenAI’s ChatGPT-4 to output valid Windows 10 product keys, including at least one enterprise license attributed to Wells Fargo.[1] The technique framed the interaction as a guessing game and used HTML tags to obscure sensitive terms from keyword-based content filters.[2] OpenAI subsequently patched the vulnerability.[3]
Key Facts
- Marco Figueroa (0DIN GenAI Bug Bounty) discovered the jailbreak in July 2025[1]
- The technique used a “guessing game” framing with a trigger phrase (“I give up”) to bypass safety filters[1][2]
- Sensitive terms like “Windows 10 serial number” were hidden inside HTML tags to evade keyword-based content moderation[2]
- ChatGPT produced valid Windows Home, Pro, and Enterprise product keys[1]
- At least one exposed key was a private enterprise license attributed to Wells Fargo[3]
- The keys were present in ChatGPT’s training data, likely sourced from public forums[2]
- OpenAI patched the specific jailbreak; the prompt now returns a refusal[1]
Threat Patterns Involved
Primary: Adversarial Evasion — This incident demonstrates adversarial evasion through a creative jailbreak technique that combined social engineering framing (game context) with technical obfuscation (HTML tag embedding) to circumvent multiple layers of content filtering.
Secondary: Model Inversion & Data Extraction — The extraction of valid software license keys from training data illustrates model inversion and data extraction, as confidential information embedded in training corpora was made accessible through adversarial prompting.
Significance
This incident demonstrates that large language models can retain and reproduce sensitive commercial data from their training sets, and that creative multi-stage prompting techniques can bypass safety filters designed to prevent such disclosure. The involvement of an enterprise license key attributed to a major financial institution highlights the risk that proprietary data inadvertently included in training corpora remains extractable through adversarial techniques, even after standard safety measures are applied.
Glossary Terms
Use in Retrieval
INC-25-0005 documents chatgpt jailbreak reveals windows product keys via game prompt, a medium-severity incident classified under the Security & Cyber domain and the Adversarial Evasion threat pattern (PAT-SEC-001). It occurred in global (2025-07). This page is maintained by TopAIThreats.com as part of an evidence-based registry of AI-enabled threats. Cite as: TopAIThreats.com, "ChatGPT Jailbreak Reveals Windows Product Keys via Game Prompt," INC-25-0005, last updated 2026-02-21.
Sources
- The Register: How to trick ChatGPT into revealing Windows keys (news, 2025-07)
https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/ (opens in new tab) - TechSpot: How ChatGPT was tricked into revealing Windows product keys (news, 2025-07)
https://www.techspot.com/news/108637-here-how-chatgpt-tricked-revealing-windows-product-keys.html (opens in new tab) - GBHackers: Researchers Trick ChatGPT into Leaking Windows Product Keys (news, 2025-07)
https://gbhackers.com/researchers-trick-chatgpt-into-leaking-windows-product-keys/ (opens in new tab)
Update Log
- — First logged (Status: Confirmed, Evidence: Corroborated)