Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical OpenAI Vulnerability Exposed Sensitive Prompts and API Activity
July 6, 2026
SSH Honeypots Fail to Detect Post-Login Attacks, Study Finds
July 6, 2026
Parrot OS 7.3 Released With Security Updates, Optimized Packages
July 6, 2026
Home/CyberSecurity News/Critical OpenAI Vulnerability Exposed Sensitive Prompts and API Activity
CyberSecurity News

Critical OpenAI Vulnerability Exposed Sensitive Prompts and API Activity

Key Takeaways Attackers are leveraging OpenAI’s organization invitation system for a “poisoned tenant” scheme. The attack allows adversaries to harvest sensitive prompts, API...

David kimber
David kimber
July 6, 2026 4 Min Read
2 0

Key Takeaways

  • Attackers are leveraging OpenAI’s organization invitation system for a “poisoned tenant” scheme.
  • The attack allows adversaries to harvest sensitive prompts, API activity, and potentially corporate data from users who unknowingly join fake organizations.
  • Emails originate from legitimate OpenAI domains, bypassing traditional security measures.
  • The vulnerability exploits a lack of robust verification during the organization joining process.

Attackers Exploit OpenAI Invitations to Harvest Sensitive Data

Cybersecurity researchers have uncovered an active “poisoned tenant” campaign exploiting OpenAI’s organization invitation functionality. This sophisticated attack enables threat actors to surreptitiously collect sensitive prompts, API usage data, and potentially confidential corporate information from unsuspecting users.

Table Of Content

  • Key Takeaways
  • Attackers Exploit OpenAI Invitations to Harvest Sensitive Data
  • The Deceptive Nature of the Attack
  • Seamless Onboarding to a Compromised Environment
  • The Long-Term Data Harvesting Objective
  • Escalation Risks and Broader Trends
  • What You Should Do

The campaign, detailed in research by Push Security, involves attackers creating bogus OpenAI organizations. In one observed instance, the malicious entity mimicked a legitimate company, “Push Security Inc,” and subsequently dispatched targeted invitations to employees.

The Deceptive Nature of the Attack

A critical aspect of this scheme is the legitimacy of the invitation emails. Unlike typical phishing attempts, these messages are not spoofed. They originate directly from OpenAI’s official notification system ([email protected]) and successfully pass all standard authentication checks, appearing indistinguishable from genuine collaboration invites.

The only subtle indicator of a potential threat is a small disclaimer stating that the inviter’s domain does not align with the recipient’s corporate domain. However, this detail is easily overlooked, especially given the otherwise authentic appearance of the email and its references to real company information.

Seamless Onboarding to a Compromised Environment

The danger escalates significantly once a recipient interacts with the invitation. Researchers found that joining the attacker-controlled organization requires only a single click, with no further authentication or verification steps. Even from a fresh browser session without an existing OpenAI login, the user’s account is instantly linked to the malicious tenant.

To enhance the illusion of legitimacy, the attackers impersonated a company executive and granted all invited users “Owner” privileges, providing them with full administrative access within the fake organization. Furthermore, a credit card was added to the account, likely to remove any friction and prevent suspicion if users attempted to access paid features, as noted by Push Security.

The Long-Term Data Harvesting Objective

The primary goal of this attack is not immediate credential theft but rather sustained data harvesting. If an employee mistakenly believes the organization is legitimate and begins using it for work-related tasks, any prompts, uploaded files, or API interactions become visible to the attacker. This harvested data could include proprietary source code, internal documentation, cybersecurity research, or sensitive customer information.

This technique builds upon the “poisoned tenant” concept, first described in 2023, where attackers establish fake SaaS environments to trick users into joining. In this specific context, the attack capitalizes on the increasing integration of AI platforms into enterprise workflows. As employees rely more heavily on tools like ChatGPT for daily operations, the value of captured prompt data, which can contain highly sensitive business logic, becomes substantially higher.

Escalation Risks and Broader Trends

Push Security researchers caution that attackers could escalate their access and impact. Potential escalation vectors include sharing malicious chat interactions, injecting harmful prompts, or abusing third-party integrations linked to the compromised OpenAI environment. Such actions could lead to data exfiltration, OAuth token abuse, or lateral movement into connected services like email, cloud storage, and collaboration platforms.

This campaign is indicative of a broader trend where threat actors weaponize trusted SaaS platforms as delivery mechanisms. Recent reports from Kaspersky and Cisco Talos have highlighted similar abuses across OpenAI, GitHub, and Jira, where malicious content is embedded within platform-generated notifications. Because these messages originate from legitimate domains, they often bypass conventional security controls, making detection and defense particularly challenging.

The lack of obvious indicators, such as malicious links or spoofed domains, means traditional security solutions are often ineffective. The underlying infrastructure is entirely legitimate. Consequently, organizations must enhance their visibility into SaaS usage, meticulously monitor which external tenants employees join, and educate users that even authentic platform emails can pose significant security risks.

This incident underscores a growing security vulnerability within modern enterprises. As SaaS and AI platforms become more pervasive, their built-in collaboration features present an increasingly attractive attack surface. Without stronger safeguards, such as enforced domain verification or stricter controls on organization joining, attackers will continue to exploit these trusted systems to silently exfiltrate sensitive data.

What You Should Do

  • Educate Users: Train employees to scrutinize all organization invitations, even those from legitimate platforms like OpenAI, for discrepancies in domain names or unexpected requests to join.
  • Implement SaaS Monitoring: Utilize tools to gain visibility into employee SaaS usage, specifically monitoring which external organizations or tenants users are joining.
  • Enforce Strict Access Controls: Where possible, configure SaaS platforms to require multi-factor authentication for joining new organizations or restrict joining to pre-approved domains.
  • Review OpenAI Organization Settings: Regularly audit your OpenAI organization settings to ensure only authorized users are members and to identify any suspicious activity.
  • Caution with Sensitive Data: Advise employees against inputting sensitive or proprietary company information into any AI platform unless it is a verified, company-controlled instance with appropriate security measures.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitHackerMalwareSecurityThreatVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

SSH Honeypots Fail to Detect Post-Login Attacks, Study Finds

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Mythos Ransomware Returns, Kali Linux 2024.2 Released, WhatsApp Vulnerability
July 5, 2026
Microsoft Patches Windows 11 OOBE Flaw in Cumulative Update
July 5, 2026
PamStealer Mimics Maccy, Silently Harvests Data
July 4, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us