< ciso
brief />
Tag Banner

All news with #openai tag

190 articles · page 9 of 10

ChatGPT Leak Reveals Direct Messaging and Profiles

🤖 OpenAI is testing social features in ChatGPT, with leaked code showing support for direct messages, usernames, and profile images. References discovered in an Android beta (version 1.2025.273) and linked traces to Sora 2 indicate the company may be rolling social tools beyond its video feed app. The code, codenamed Calpico and Calpico Rooms, also mentions join/leave notifications and push alerts for messages.
read more →

OpenAI Launches Codex Alpha for Early Model Access

🚀 OpenAI has introduced a new opt-in program, Codex Alpha, offering developers early access to updated Codex models and features ahead of DevDay 2025. The rollout currently exposes several gpt-5 variants (gpt-5-codex low/medium/high, gpt-5 minimal, and gpt-5 low/medium/high) tailored for coding and varied reasoning depths. The author could opt in but did not yet gain access to newer models; broader availability is expected at the October 6 event. Codex operates in Terminal, IDE, and web environments to assist with full application development rather than only snippets.
read more →

OpenAI Updates GPT-5 Instant to Offer Emotional Support

🤗 OpenAI has updated GPT-5 Instant to better detect and respond to signs of emotional distress, routing users to supportive language and, when appropriate, real-world crisis resources. The change responds to feedback that some GPT-5 variants felt too clinical when users sought emotional support. OpenAI says it developed the model with help from mental health experts and will route GPT-5 Auto or non-reasoning model conversations to GPT-5 Instant for faster, more empathetic responses. The update begins rolling out to ChatGPT users today.
read more →

OpenAI expands $4 ChatGPT Go availability in Southeast Asia

🌏 OpenAI is expanding its lower-cost ChatGPT plan, ChatGPT Go ($4), into additional Southeast Asian markets after tests in India and Indonesia. The company is updating local pricing and now lists amounts in EUR, USD, GBP and INR while testing availability in Malaysia, the Philippines, Thailand and Vietnam. The Go tier offers access to GPT-5 with limited capabilities, expanded messaging and uploads, faster image generation, longer memory and basic deep research, but excludes higher-end models and advanced reasoning reserved for the $20 GPT Plus tier. OpenAI says Go provides higher usage limits than the Free plan but remains feature-limited compared with Plus.
read more →

OpenAI Trials Free ChatGPT Plus and Expands $4 GPT Go

🔔 OpenAI is testing a limited free trial for ChatGPT Plus while expanding its lower-cost $4 GPT Go plan to Indonesia after an initial launch in India. Some existing users see a “start free trial” prompt on the ChatGPT pricing page, though new accounts may be excluded to limit abuse. The $4 option and the $20 Plus tier both provide access to GPT-5 with differing levels of memory, image creation, and research capabilities, and a $200 Pro tier targets heavier professional use.
read more →

OpenAI Routes GPT-4o Conversations to Safety Models

🔒 OpenAI confirmed that when GPT-4o detects sensitive, emotional, or potentially harmful activity it may route individual messages to a dedicated safety model, reported by some users as gpt-5-chat-safety. The switch occurs on a per-message, temporary basis and ChatGPT will indicate which model is active if asked. The routing is implemented as an irreversible part of the service's safety architecture and cannot be turned off by users; OpenAI says this helps strengthen safeguards and learn from real-world use before wider rollouts.
read more →

OpenAI Is Testing GPT-Alpha, a GPT-5-Based AI Agent

🧪 OpenAI is internally testing a new AI agent, GPT-Alpha, built on a special GPT-5 variant and briefly exposed to users in an accidental push. A screenshot shared on X showed an 'Agent with Truncation' listing under Alpha Models, and the agent's system prompt outlines capabilities to browse the web, generate and edit images, write, run, and debug code, and create or edit documents, spreadsheets, and slides. OpenAI says the agent uses GPT-5 for advanced reasoning and tool use and may initially be offered as a paid feature due to increased compute demands.
read more →

Researchers Find GPT-4-Powered MalTerminal Malware

🛡️ SentinelOne researchers disclosed MalTerminal, a Windows binary that integrates OpenAI GPT-4 via a deprecated chat completions API to dynamically generate either ransomware or a reverse shell. The sample, presented at LABScon 2025 and accompanied by Python scripts and a defensive utility called FalconShield, appears to be an early — possibly pre-November 2023 — example of LLM-embedded malware. There is no evidence it was deployed in the wild, suggesting a proof-of-concept or red-team tool. The finding highlights operational risks as LLMs are embedded into offensive tooling and phishing chains.
read more →

ShadowLeak: Zero-click flaw exposes Gmail via ChatGPT

🔓 Radware disclosed ShadowLeak, a zero-click vulnerability in OpenAI's ChatGPT Deep Research agent that can exfiltrate sensitive Gmail inbox data when a single crafted email is present. The technique hides indirect prompt injections in email HTML using tiny fonts, white-on-white text and CSS/layout tricks so a human user is unlikely to notice the commands while the agent reads and follows them. In Radware's proof-of-concept the agent, once granted Gmail integration, parses the hidden instructions and uses browser tools to send extracted data to an external server. OpenAI addressed the issue in early August after a responsible disclosure on June 18, and Radware warned the approach could extend to many other connectors, expanding the attack surface.
read more →

ShadowLeak zero-click exfiltrates Gmail via ChatGPT Agent

🔒 Radware disclosed a zero-click vulnerability dubbed ShadowLeak in OpenAI's Deep Research agent that can exfiltrate Gmail inbox data to an attacker-controlled server via a single crafted email. The flaw enables service-side leakage by causing the agent's autonomous browser to visit attacker URLs and inject harvested PII without rendering content or user interaction. Radware reported the issue in June; OpenAI fixed it silently in August and acknowledged resolution in September.
read more →

OpenAI's $4 GPT Go Plan Poised to Expand Regions Soon

🚀 OpenAI has started expanding its $4 GPT Go plan beyond India, rolling out nudges to free-account users in Indonesia and India and signaling broader regional availability in the coming weeks. Product pages already list pricing in USD, EUR and GBP, suggesting a possible U.S. launch. GPT Go grants access to GPT-5, expanded messaging and uploads, faster image creation, longer memory and limited deep research; GPT Plus ($20) and Pro ($200) tiers provide increasingly advanced capabilities and higher limits.
read more →

OpenAI enhances ChatGPT Search to rival Google AI results

🔎 OpenAI has rolled out an update to ChatGPT Search that improves accuracy, reliability, and link summarization to reduce hallucinations and make answers easier to verify. The search now better detects shopping intent, surfacing products when appropriate while keeping results focused for other queries, and it improves link summaries so users can follow back to sources. Answers are reformatted for quicker comprehension without sacrificing detail. OpenAI also added an GPT-5 Thinking toggle with adjustable 'juice' effort levels; the changes are rolling out gradually.
read more →

OpenAI adds user control over GPT-5 Thinking model options

⚙️ OpenAI is rolling out a toggle that lets Plus, Pro, and Business subscribers choose how much "thinking" the GPT-5 Thinking model performs, trading off speed, cost, and depth. The simpler toggle UI replaces a tested slider and exposes internal "juice" effort levels — for example, Standard (juice=18) and Extended (64). Pro users also get Light (5) for very fast replies and Heavy (200) for the model's maximum reasoning depth.
read more →

ShadowLeak: AI agents can exfiltrate data undetected

⚠️Researchers at Radware disclosed a vulnerability called ShadowLeak in the Deep Research module of ChatGPT that lets hidden, attacker-crafted instructions embedded in emails coerce an AI agent to exfiltrate sensitive data. The indirect prompt-injection technique hides commands using tiny fonts, white-on-white text or metadata and instructs the agent to encode and transmit results (for example, Base64-encoded lists of names and credit cards) to an attacker-controlled URL. Radware says the key risk is that exfiltration can occur from the model’s cloud backend, making detection by the affected organization very difficult; OpenAI was notified and implemented a fix, and Radware found the patch effective in subsequent tests.
read more →

OpenAI Open-Weight Models Now in Eight More AWS Regions

🚀 AWS has expanded availability of OpenAI open weight models on Amazon Bedrock to eight additional regions. The update adds US East (N. Virginia), Asia Pacific (Tokyo), Europe (Stockholm), Asia Pacific (Mumbai), Europe (Ireland), South America (São Paulo), Europe (London), and Europe (Milan) to the previously supported US West (Oregon). This broader regional coverage reduces network latency, helps meet data residency preferences, and makes it easier for customers to deploy AI-powered applications closer to their users. Customers can access the models through the Amazon Bedrock console and supporting documentation to get started.
read more →

AWS Bedrock Adds OpenAI Open‑Weight Models in Eight Regions

🚀 AWS has expanded availability of OpenAI open weight models on AWS Bedrock to eight additional AWS Regions worldwide. The update brings the models to US East (N. Virginia), Asia Pacific (Tokyo, Mumbai), Europe (Stockholm, Ireland, London, Milan) and South America (São Paulo), alongside existing US West (Oregon) support. This broader footprint aims to lower latency, improve model performance and help customers meet data residency requirements. To get started, use the Amazon Bedrock console or consult the documentation.
read more →

OpenAI Launches GPT-5 Codex Model for Coding, Broad Rollout

🤖 OpenAI is deploying a specialized GPT-5 Codex model across its Codex instances, including Terminal, IDE extensions, and Codex Web. The agent automates coding tasks so users — even those without programming experience — can generate and execute code and accelerate app development. OpenAI reported strong benchmark gains and says the staged rollout will reach all users in the coming days.
read more →

ChatGPT makes Projects free, adds chat-branching toggle

🔁 OpenAI is rolling out two notable updates to ChatGPT: the Projects feature is now available to all users for free, and a new Branch in new chat toggle lets you split and continue conversations from a chosen message. Projects create independent workspaces that organize chats, files, and custom instructions with separate memory, context, and tools. The branching option spawns a new conversation that includes everything up to the split point, helping manage divergent topics and streamline brainstorming. Both changes aim to improve organization and continuity for repeated or evolving work.
read more →

NCSC and AISI Back Public Disclosure for AI Safeguards

🔍 The NCSC and the AI Security Institute have broadly welcomed public, bug-bounty style disclosure programs to help identify and remediate AI safeguard bypass threats. They said initiatives from vendors such as OpenAI and Anthropic could mirror traditional vulnerability disclosure to encourage responsible reporting and cross-industry collaboration. The agencies cautioned that programs require clear scope, strong foundational security, prior internal reviews and sufficient triage resources, and that disclosure alone will not guarantee model safety.
read more →

Salesloft token theft exposes wide-ranging integrations

🔐 The mass theft of authentication tokens from Salesloft’s Drift chatbot has exposed integrations across hundreds of customers, according to Google. Attackers stole valid tokens for services including Slack, Google Workspace, Amazon S3, Microsoft Azure and OpenAI. GTIG said the campaign, tracked as UNC6395, siphoned large amounts of Salesforce data and searched the haul for credentials such as AWS keys, VPN logins and Snowflake access. Customers were urged to immediately invalidate and reauthenticate all Salesloft-connected tokens while Salesloft and incident responders investigate.
read more →