All news with #openai tag

🤖 OpenAI is rolling out a mobile update that lets ChatGPT Plus subscribers select the Thinking time toggle, often called the model's 'juice', to enable longer, higher‑compute responses on mobile. Until now, Android devices routed Thinking requests through Standard Thinking, which uses less compute and cannot sustain long reasoning. On desktop, users could already switch between Standard Thinking and Extended Thinking, with Extended using more compute for complex queries. The rollout is gradual, the toggle is limited to ChatGPT Plus (the Go tier does not include it), and OpenAI also introduced new desktop formatting blocks and mini editor toolbars for richer task-specific outputs.

🚀 Microsoft is rolling out GPT-5.2 to Copilot on web, Windows, and mobile as a free upgrade that will coexist with the existing GPT-5.1 model. The new option appears as a 'Smart Plus' mode and uses a 'Thinking' variant designed for more complex, multi-step tasks. OpenAI positions GPT-5.2 as its strongest model family yet, improving productivity for spreadsheets, presentations, coding, document understanding, image work, and tool use.

📰OpenAI is exploring a new ad format for ChatGPT — 'sponsored content' — that could be prioritized within model responses and shown in a sidebar or carousel. References to the feature appeared in an Android beta and in mockups reported by The Information. An OpenAI spokesperson confirmed the company is researching ads and said any approach would be designed to respect user trust.

🛠️ OpenAI is testing a new ChatGPT feature called Skills, modeled on Anthropic's Claude Skills. Reports say the capability — codenamed 'hazelnuts' — will appear as slash commands and include a dedicated Skills editor plus an option to convert a custom GPT into a skill. Claude's Skills are folder-based instructions that can be composable, portable, efficient, and can include executable code; OpenAI's implementation appears to follow a similar design. Timing is unclear, but a January 2026 rollout is currently suggested.

🛡️ OpenAI says it is expanding a "defense in depth" strategy to limit misuse of its frontier AI models, warning they could be used to develop zero-day exploits or aid complex intrusion operations. The company announced a new Frontier Risk Council, broader guardrails, external red‑teaming, and a trusted access program for vetted customers testing defensive use cases. OpenAI also plans to scale its Aardvark Agentic Security Researcher beta to scan codebases and recommend mitigations.

🤖 GPT-5.2 is now generally available in Microsoft Foundry, positioned as a reasoning-first foundation model for enterprise applications. It advances GPT-5.1 with deeper logical chains, expanded context handling, and agentic execution to produce shippable artifacts—design docs, runnable code, tests, and deployment scripts—with fewer iterations. The release emphasizes integrated enterprise controls, managed identities, and policy enforcement to support secure, governed adoption.

🔐 OpenAI says rapid model gains have reshaped its planning and prompted expanded defensive measures. Internal CTF assessments rose from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025, leading the company to warn some systems may reach 'High' levels on its Preparedness Framework. OpenAI outlined a layered defense-in-depth strategy — including access controls, infrastructure hardening, egress monitoring, model steering, detection tools and end-to-end red teaming — and is preparing a trusted access program alongside private-beta tools such as Aardvark to steer capabilities toward defensive outcomes.

🔔 OpenAI says recent ChatGPT Plus suggestions are app recommendations, not ads, after users reported shopping prompts — including Target — appearing during unrelated queries like Windows BitLocker. Daniel McAuley described the entries as pilot partner apps introduced since DevDay and part of efforts to make discovery feel more organic. Many users, however, view the branded bubbles as advertising inside a paid product.

🛡️ Recent research shows the “Whisper Leak” attack can infer the topic of LLM conversations by analyzing timing and packet patterns during streaming responses. Microsoft’s study tested 30 models and thousands of prompts, finding topic-detection accuracy from 71% to 100% for some models. Providers including OpenAI, Mistral, Microsoft Azure, and xAI have added invisible padding to network packets to disrupt these timing signals. Users can further protect sensitive chats by using local models, disabling streaming output, avoiding untrusted networks, or using a trusted VPN and up-to-date anti-spyware.

⚠️Researchers from CheckPoint disclosed a critical remote code execution vulnerability in OpenAI's Codex CLI that allowed project-local .env files to redirect the CODEX_HOME environment variable and load attacker-controlled MCP servers. By adding a malicious mcp_servers entry in a repo-local .codex/config.toml, an attacker with commit or PR access could cause Codex to execute commands silently whenever a developer runs the tool. OpenAI addressed the issue in Codex CLI v0.23.0 by blocking project-local redirection of CODEX_HOME, but the flaw demonstrates how automated LLM-powered developer tools can expand the attack surface and enable persistent supply-chain backdoors.

⚠️OpenAI's ChatGPT experienced a global outage that caused errors and disappearing conversations for many users. Many reported seeing messages such as "something seems to have gone wrong" and "There was an error generating a response," while some conversations vanished and new messages kept loading indefinitely. DownDetector recorded over 30,000 reports, and OpenAI acknowledged elevated errors and said engineers were working on a fix. Service began returning as of 15:14 ET, though performance remained slow.

🔴 OpenAI's ChatGPT experienced a global outage that produced "something seems to have gone wrong" errors and stalled responses, with some users reporting that entire conversations disappeared and new messages never finished loading. BleepingComputer observed the model continuously loading without delivering replies, while DownDetector recorded over 30,000 reports. OpenAI confirmed elevated errors at 02:40 ET, said it was working on a fix, and by 15:14 ET service had begun returning but remained slow.

🚨 The emergence of agentic AI browsers converts the browser from a passive viewer into an autonomous digital agent that can act on users' behalf. To perform tasks—booking travel, filling forms, executing payments—these agents must hold session cookies, saved credentials, and payment data, creating an unprecedented attack surface. The piece cites OpenAI's ChatGPT Atlas as an example and warns that prompt injection and the resulting authenticated exfiltration can bypass conventional MFA and network controls. Recommended mitigations include auditing endpoints for shadow AI browsers, enforcing allow/block lists for sensitive resources, and augmenting native protections with third-party browser security and anti-phishing layers.

📝 OpenAI is internally testing an 'ads' feature in the ChatGPT Android beta that references bazaar content, search ad entries and a search ads carousel. The leak, spotted in build 1.2025.329, suggests ads may initially be confined to the search experience but could expand. Because the assistant retains rich context, any placements could be highly personalized unless users opt out. This development may signal a major shift in ChatGPT's monetization and the broader web advertising landscape.

🔒 OpenAI confirmed a customer data exposure after its analytics partner Mixpanel suffered a smishing attack on November 8, which allowed attackers to access profile metadata tied to platform.openai.com accounts. Stolen fields included names, email addresses, approximate location, OS/browser details, referrers, and organization or user IDs. OpenAI says ChatGPT and core systems were not breached and that no API keys, passwords, payment data, or model payloads were exposed. The company has terminated its use of Mixpanel and is notifying impacted customers directly.

🔒 According to an OpenAI statement, cybercriminals accessed analytics provider Mixpanel's systems in early November, and data tied to some API users may have been exposed. Potentially affected fields include account names, associated email addresses, approximate browser-derived location (city, state, country), operating system and browser details, referring websites, and organization or user IDs. OpenAI said its own systems and products such as ChatGPT were not impacted, that sensitive items like chat histories, API requests, API usage data, passwords, credentials, API keys, payment details, and government IDs were not compromised, and that it has removed Mixpanel from its systems while working with the vendor to investigate.

🔒 OpenAI has notified some ChatGPT API customers that limited identifying information was exposed following a breach at its third‑party analytics vendor, Mixpanel. Mixpanel says the incident resulted from a smishing campaign detected on November 8, and OpenAI received details of the affected dataset on November 25. Exposed fields may include names, emails, coarse location, device and browser metadata, referring websites, and account IDs, but OpenAI says no chats, API requests, usage data, passwords, API keys, payment details, or government IDs were exposed. OpenAI has removed Mixpanel from production, begun notifying affected parties, and is warning users to watch for phishing attempts and enable 2FA.

⚠️ OpenAI has warned that some data from users of its platform.openai.com API may have been exposed after an attacker gained unauthorized access to part of analytics vendor Mixpanel and exported a dataset. The incident began on November 9 and Mixpanel shared the dataset with OpenAI on November 25. Potentially affected fields include account names, email addresses, coarse location, browser/OS, referrers and organization or user IDs. OpenAI says its systems, chats, API keys, credentials, payment details and chat content were not compromised, and it has removed Mixpanel from production while notifying affected users and expanding vendor security reviews.

🛠️OpenAI has rolled out GPT-5.1-Codex-Max, a Codex variant optimized for long-running programming tasks and improved token efficiency. Unlike the general-purpose GPT-5.1, Codex is tailored to operate inside terminals and integrate with GitHub, and OpenAI says the model can work independently for hours. It is faster, more capable on real-world engineering tasks, uses roughly 30% fewer "thinking" tokens, and adds Windows and PowerShell capabilities. GPT-5.1-Codex-Max is available in the Codex CLI, IDE extensions, cloud, and code review.

🚀 Amazon Bedrock now supports importing custom weights for gpt-oss-120b and gpt-oss-20b, allowing customers to bring tuned OpenAI GPT OSS models into a fully managed, serverless environment. This capability eliminates the need to manage infrastructure or model serving while enabling deployment of text-to-text models for reasoning, agentic, and developer tasks. gpt-oss-120b is optimized for production and high-reasoning use cases; gpt-oss-20b targets lower-latency or specialized scenarios. The feature is generally available in US‑East (N. Virginia).