First Known Case: Feds Force OpenAI to Disclose ChatGPT User Identity

For the first time, the U.S. Department of Homeland Security has formally demanded that OpenAI disclose the identity of a ChatGPT user whose prompts appeared in a child pornography investigation. The warrant—issued to agents of Homeland Security Investigations (HSI) and later unsealed in the state of Maine—marks the first known instance in which authorities have officially compelled a generative AI developer to provide user data linked to specific prompts.

The investigation began as an effort to identify the administrator of a major dark web site on the Tor network that was distributing CSAM material. Undercover agents managed to make contact with the suspected administrator, who inadvertently mentioned that he used ChatGPT. During their exchanges, he described the kinds of prompts he entered—ranging from harmless ones like “What would happen if Sherlock Holmes met Q from Star Trek?” to a request for a Donald Trump–style poem about the Village People’s song “Y.M.C.A.”, fragments of which he even shared in the chat.

These seemingly trivial details allowed investigators to issue a request to OpenAI for information tied to the account—names, addresses, payment details, conversation histories, and metadata associated with the prompts. The agency later confirmed that OpenAI had turned over an Excel spreadsheet, though its contents remain undisclosed. It is unclear whether the data directly aided in identifying the suspect, yet the warrant itself established a precedent—the use of ChatGPT prompts as a legal basis for user identification.

Ultimately, investigators did not identify the suspect through OpenAI’s data, but through the personal details he disclosed himself. The man spoke of undergoing medical examinations, mentioned living in Germany for seven years, and referred to his father’s military service in Afghanistan. These clues led agents to 36-year-old Drew Hyner, connected to Ramstein Air Base and a recent applicant for a position with the U.S. Department of Defense. Hyner has been charged with conspiracy to advertise CSAM materials, though he has not entered a plea.

According to investigators, Hyner had been involved since 2019 in the operation of at least 15 Tor-based forums dedicated to the exchange of illegal material, collectively serving an audience of over 300,000 users. These platforms were structured hierarchically, with administrators, moderators, and reward systems for active participants. One forum reportedly featured a dedicated section for AI-generated illicit content.

An OpenAI report revealed that in the second half of 2024 alone, the company detected 31,500 instances of content associated with child exploitation and submitted corresponding reports to the National Center for Missing and Exploited Children (NCMEC). During that same period, OpenAI received 71 formal government data requests, resulting in the disclosure of information on 132 accounts.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy