Is 'openai-ephemeral-user-id' unique per Custom GPT?

Basically if you think about it all actions are based on this header provided automatically from OpenAI which changes every 24 hours. However if for the same logged-in user, for some Custom GPT A and another Custom GPT B the correspondings actions are provided with the same ‘openai-ephemeral-user-id’, then this means that the custom GPT that you have access (e.g. Custom GPT A) can retrieve this information and use it maliciously in Custom GPT B. Which is a critical security issue.

2 Likes