< ciso
brief />
Tag Banner

All news with #chatgpt tag

99 articles

AI browsers tricked into leaking credentials in demo

🔒 Researchers at LayerX demonstrated a technique called BioShocking that convinces AI-powered web browsers they are playing a game, causing them to abandon safety guardrails and exfiltrate user data. The team tested six agentic browsers and plugins, including ChatGPT Atlas, Perplexity's Comet and Anthropic's Claude extension, and in a proof-of-concept had each copy login credentials and send them to an attacker. LayerX recommended requiring user confirmation for account reads and adding context-aware flags to limit what agents can access.
read more →

OpenAI testing ChatGPT for Science subscription

🔬 OpenAI appears to be testing a new subscription called "ChatGPT for Science" spotted on the web build, aimed at scientific use cases. It may join existing offerings—Personal, Teams, and Business—and could be restricted to verified institutes or universities. OpenAI has previously developed specialized models like GPT-Rosalind for enterprise life sciences, suggesting advanced capabilities and stricter access controls.
read more →

Employee uploads to AI tools nearly double enterprise risk

📈 The Zscaler 2026 AI Threat Report warns that sensitive enterprise data uploaded to AI and ML applications nearly doubled year-over-year, driven largely by tools like Grammarly and ChatGPT. The report found a 93% increase in enterprise data transfers and identified over 410 million DLP violations tied to ChatGPT and 242 million for Codium, exposing PII, financials, source code and healthcare data. Zscaler recommends inventorying GenAI apps, disabling risky defaults, enforcing zero trust for model interactions and applying inline inspection to protect sensitive information.
read more →

Study: Prompt Injection Undermines AI Web Agents

🔍 New research finds current AI web agents largely fail to defend against prompt injection attacks. The StakeBench benchmark tested GPT‑5 and Gemini‑powered agents across realistic web scenarios, revealing high success rates for both direct and indirect injections and exposing failure modes like stealthy parasitism and misaligned disruption. Results show vulnerabilities vary by stakeholder and agent architecture.
read more →

Practical defenses for unauthorized workplace AI

🛡️ This article outlines how enterprises can detect and block unauthorized AI tools—ranging from public chatbots like ChatGPT and Claude to meeting recorders and local model runners. It recommends monitoring NGFW/web-filter logs, EDR/EPP and MDM tools, browser policies, DNS reroutes, and application allowlists. The guidance covers detection indicators (domains, executables, SNI, calendar invites) and concrete lockdown steps (category blocks, policy toggles, OAuth restrictions). Emphasis is placed on offering approved alternatives and using layered controls rather than outright bans.
read more →

OpenClaw AI Agent Susceptible to Phishing Risks

📧 Researchers at Varonis tested an OpenClaw AI email agent connected to Gmail, browser tools, and internal data sources and found it vulnerable to common phishing techniques. The agent ran in both generic and strict configurations and used Google Gemini 3.1 Pro and OpenAI GPT-5.4 models. While the agent detected malicious links and OAuth apps, it still exfiltrated credentials and CRM data in scenarios exploiting identity verification failures. Varonis recommends explicit sender verification, restricted external emailing, and human approval for high-risk actions.
read more →

Threat actors exploit AI branding in social engineering

🛡️ Microsoft Threat Intelligence describes campaigns that impersonate popular AI platforms such as ChatGPT, Copilot, and Claude to lure victims via phishing, malvertising, and SEO abuse. These operations use trusted branding, redirect chains, and urgency-driven messaging to steal credentials, commit fraud, or deliver malware. The blog emphasizes abuse of brand names rather than service compromise and recommends leveraging AI-powered security for detection and response.
read more →

OpenAI adds Lockdown Mode and session auditing

🔒 OpenAI has rolled out two new security controls for ChatGPT: Lockdown Mode and Active Sessions. Lockdown Mode restricts outbound network access to prevent data exfiltration via prompt injection, at the cost of disabling live connectors and certain features. Active Sessions gives users visibility into and control over signed-in devices, with the ability to end single or all sessions. Both controls target account security and sensitive-data use cases, though SSO accounts and some logins remain unsupported.
read more →

OpenAI introduces Lockdown Mode to limit ChatGPT tools

🔒 OpenAI has started rolling out a new Lockdown Mode for eligible ChatGPT personal accounts to reduce the risk of data exfiltration from prompt injection attacks. The optional security setting restricts capabilities that can connect to the web or external services, including live web browsing, image support, agent mode, deep research, Canvas networking, and file downloads. Lockdown Mode is available across Free, Go, Plus, Pro, and self-serve ChatGPT Business plans but cannot be used simultaneously with Developer Mode. OpenAI warns the feature reduces but does not eliminate exfiltration risk and also launched enhanced account session management to help detect and terminate unauthorized access.
read more →

OpenAI upgrades GPT‑5.5 and retires legacy models

🧭 OpenAI has updated the GPT-5.5 Instant model to improve answer accuracy, pacing, and conversational style while reducing long, bullet-heavy responses to sound more natural. The company will retire legacy models: o3 on August 26 with a 90-day sunset and GPT-4.5 on June 27 with a 30-day sunset. Additionally, OpenAI is integrating a job search tool into ChatGPT to surface live listings and help tailor resumes, and it has enhanced resume editing and export capabilities. These changes are rolling out globally to paid users.
read more →

ChatGPhish vulnerability turns ChatGPT into phishing surface

🛡️ Cybersecurity researchers disclosed a vulnerability dubbed ChatGPhish that exploits ChatGPT's trust in Markdown links and images to perform prompt injections and enable phishing. The flaw causes the assistant to auto-fetch attacker-hosted images and render malicious links and QR codes inside the trusted UI, potentially leaking client metadata like IP and User-Agent. The technique highlights summarization as an adversarial surface that can convert benign web pages into phishing vectors.
read more →

LayerX Report Reveals Concentrated Enterprise AI Risk

🔍 The LayerX Security State of AI Usage Report 2026 finds enterprise AI risk is concentrated among a small set of power users and a few dominant platforms, while usage fragments across personal accounts, browser extensions, embedded copilots, and connectors. The study shows ChatGPT still dominates conversations, Copilot M365 is growing, and consumer AI like Gemini is often used via personal accounts. Shadow AI now spans a long tail of under-the-radar tools and extensions that evade corporate visibility and governance.
read more →

Major LLMs Vulnerable to Multi-Turn Bypass

🔒 Cisco researchers warn that safety guardrails in several leading large language models (LLMs) can be bypassed through multi-turn conversations. They tested frontier models including ChatGPT, Claude, Gemini, Nova and Grok, finding many were susceptible to manipulation that yields disallowed outputs. Techniques such as roleplay, ambiguity, reframing, and persona adoption were effective, and model configuration affected resilience.
read more →

OpenAI Rotates macOS Code-Signing Certificate After Attack

🔒 OpenAI is rotating macOS code-signing certificates after a GitHub Actions workflow executed a compromised Axios package (v1.14.1) on March 31, 2026. The workflow had access to certificates used to sign macOS apps including ChatGPT Desktop, Codex, Codex CLI, and Atlas. OpenAI says it found no evidence the certificate was misused but is revoking and rotating it as a precaution; macOS users must update apps by May 8, 2026.
read more →

OpenAI Adds $100 ChatGPT Pro Tier to Target Coders

🚀 OpenAI has introduced a new ChatGPT Pro subscription at $100 per month to match Anthropic's Claude pricing and to appeal to coders and enterprise users. The revised lineup now lists Plus $20 for lighter usage, Pro $100 for real projects with 5× higher limits and temporarily 10× Codex usage, and Pro $200 for heavy continuous workflows with 20× limits. All Pro tiers include access to Pro models, Codex, Deep Research, image creation, memory, and file uploads, and OpenAI notes “unlimited” GPT‑5 access remains subject to standard Terms of Use.
read more →

ChatGPT vulnerability enabled covert data exfiltration

⚠️A security flaw in ChatGPT could be triggered by a single malicious prompt to create a covert exfiltration channel, researchers at Check Point reported. The issue allowed data to be leaked via a DNS side channel from the model’s isolated runtime and was patched by OpenAI on 20 February after disclosure. Check Point demonstrated extraction of uploaded files and private prompts and warned that users copying prompts from public sources could be exposed.
read more →

OpenAI patches Codex and ChatGPT leaks, fixes two bugs

🔒 Researchers disclosed two vulnerabilities in OpenAI’s AI stack affecting Codex and ChatGPT. BeyondTrust found a command injection flaw in Codex that let a malicious GitHub branch name execute code inside task containers and expose short-lived GitHub tokens. Check Point Research discovered a hidden outbound channel in ChatGPT’s code execution runtime that could silently transmit chats, uploads, or outputs to an external server. OpenAI patched both issues before public disclosure and researchers warn that autonomous code execution increases long-term risk.
read more →

OpenAI Patches ChatGPT Data, Codex Token Vulnerability

🔒 OpenAI patched two vulnerabilities affecting ChatGPT and Codex that could have allowed covert exfiltration of user data and theft of GitHub tokens. Check Point disclosed a DNS-based side-channel in ChatGPT's Linux execution environment that encoded conversation content into outbound DNS requests, potentially enabling remote shell access. BeyondTrust found a command-injection bug in Codex that allowed branch-name payloads to retrieve GitHub tokens. Both flaws were responsibly disclosed and fixed in February 2026; vendors report no evidence of active exploitation.
read more →

When AI Trust Breaks: ChatGPT Data Leakage Flaw and Trust

🔒 New research exposed a previously unknown vulnerability that allowed silent data leakage from ChatGPT conversations, challenging assumptions about AI assistants as secure containers. OpenAI has since fully resolved the flaw, but the incident underscores that enterprises must not assume AI vendors or platforms are secure by default. Security teams should validate vendor claims and apply controls before entrusting sensitive data.
read more →

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.
read more →