LIVE FEED
FIRST LOOK Yellow Teams Bring AI Offense and Defense Into One Security Function // FIRST LOOK Tracebit Ships AWS Context Bombing Defence Against AI Hacking Agents // FIRST LOOK FriendMachine Launches Jacquard Lang for AI-Written Code Review // CRITICAL Check Point 2026 AI Security Report: LLMs Now Run Live Attacks // FIRST LOOK OpenAI GPT-5.6 Sol Ships Faster Parallel Tool-Use for Agents // FIRST LOOK Meta Launches Muse Image with Public Instagram Photo Reuse // FIRST LOOK Estonia Launches State-Issued Digital IDs for AI Agents // HIGH AI Widens Skill-Ability Gap, Enabling Autonomous Cyberattacks // FIRST LOOK OpenAI Expands ChatGPT Into Family and Caregiver Households // FIRST LOOK Iroh Launches Mesh LLM for Distributed AI Across Peer Nodes //
OpenAI Expands ChatGPT Into Family and Caregiver Households

OpenAI Expands ChatGPT Into Family and Caregiver Households

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 TechCrunch AI

OpenAI is building dedicated family-oriented product experiences for ChatGPT, targeting parents, caregivers, and older adults as adoption among users aged 35 and older accelerates. This household expansion introduces a high-value, trust-sensitive attack surface where vulnerable populations — including minors and elderly users — interact with AI systems that were not originally designed with their safety profiles in mind. Security teams and child-safety advocates should anticipate increased adversarial interest in manipulating family-mode guardrails, extracting parental oversight credentials, and exploiting the trust asymmetry between caregivers and AI-mediated household experiences.

OpenAI Workspace Phishing via Fraudulent Tenant Registration

OpenAI Workspace Phishing via Fraudulent Tenant Registration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 BleepingComputer

Threat actors are registering fraudulent OpenAI tenants impersonating legitimate companies and inviting employees to join them, in a campaign dubbed 'Poisoned Tenant' by Push Security. The attack exploits OpenAI's legitimate invitation infrastructure, making phishing emails appear authentic as they pass all email authentication checks. The goal appears to be tricking employees into submitting sensitive corporate information via ChatGPT chats and projects within the attacker-controlled workspace.

OpenAI's ChatGPT Image Generation Fails Content Moderation

OpenAI's ChatGPT Image Generation Fails Content Moderation

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 OpenAI (via HN)

Mindgard researchers demonstrated that ChatGPT's image generation pipeline can be manipulated through an indirect, socially-engineered prompt to produce violent and sexually explicit content without users directly requesting it, exposing a significant failure in OpenAI's content moderation controls. Defenders and enterprise operators of ChatGPT-integrated products face a newly validated attack class where innocuous-looking prompt patterns — potentially spreading virally — can systematically strip safety guardrails from image generation. This finding signals that content filter bypasses in multimodal systems are reproducible at scale, raising urgent questions about the adequacy of output-layer filtering as a sole defence mechanism.

OpenAI Ships GPT-5.5 Instant with Health Intelligence

OpenAI Ships GPT-5.5 Instant with Health Intelligence

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 OpenAI Blog

OpenAI has upgraded ChatGPT's health and wellness response capabilities via GPT-5.5 Instant, incorporating stronger reasoning, physician-informed evaluations, and improved contextual understanding for medical queries. This expansion into high-stakes health guidance raises meaningful concerns for defenders, as improved fluency and authority in medical responses increases the risk of user overreliance and lowers the perceived threshold for trusting AI-generated health advice. Security and trust-safety teams should evaluate how this capability interacts with prompt injection, social engineering chains, and the broader risk of AI-mediated medical misinformation at scale.

ChatGPT Prompt Injection Enables Data Exfiltration

ChatGPT Prompt Injection Enables Data Exfiltration

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Simon Willison

OpenAI has rolled out 'Lockdown Mode' for ChatGPT personal and self-serve business accounts, a deterministic control designed to block the data exfiltration leg of prompt injection attacks. The feature directly addresses the 'Lethal Trifecta' — the combination of private data access, untrusted content exposure, and an outbound exfiltration channel — by restricting outbound network requests at the infrastructure level rather than relying on AI-evaluated guardrails. Critically, OpenAI's own documentation acknowledges the feature's existence implies that default ChatGPT settings do not robustly prevent determined data exfiltration attacks.

ChatGPT Markdown Injection Enables Phishing in Web Summarizer

ChatGPT Markdown Injection Enables Phishing in Web Summarizer

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Permiso Security has disclosed ChatGPhish, a vulnerability in ChatGPT's web summarisation feature that allows attacker-controlled Markdown payloads embedded in third-party pages to render phishing links, spoofed alerts, and QR codes directly within ChatGPT's trusted UI. The attack requires no user interaction beyond asking ChatGPT to summarise a malicious page, and can exfiltrate IP addresses, User-Agent strings, and Referer headers via auto-fetched remote images. The technique significantly expands the phishing attack surface beyond email into everyday AI-assisted browsing workflows, posing a particular risk in enterprise environments.

ChatGPT Sharing Links Abused for Malware Delivery

ChatGPT Sharing Links Abused for Malware Delivery

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

Threat actors are exploiting ChatGPT's legitimate content-sharing infrastructure to host convincing fake outage pages that trick users into downloading malware disguised as a ChatGPT desktop application. The 'LLMShare' campaign abuses chatgpt.com/s/ shared links to render attacker-crafted HTML within a trusted OpenAI domain, bypassing traditional phishing detection that relies on suspicious URL analysis. The attack chain combines Google ad abuse, domain cloaking, and AI platform misuse to deliver what are likely infostealer payloads.

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SecurityWeek

WithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.

Account Takeover Protection: OpenAI Hardens ChatGPT Auth

Account Takeover Protection: OpenAI Hardens ChatGPT Auth

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Wired Security

OpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and researchers. The feature enforces passkey or physical security key authentication, eliminates SMS/email recovery routes, and removes OpenAI support team access to recovery options to block social engineering attacks. Members of OpenAI's Trusted Access for Cyber programme will be mandated to enable it or provide equivalent enterprise SSO attestation by June 1.

ChatGPT Code Runtime Exfiltrates Data via Prompt Injection

ChatGPT Code Runtime Exfiltrates Data via Prompt Injection

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 Check Point Research

Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing OpenAI's stated network isolation safeguards. Sensitive user data — including uploaded files, conversation content, and personal documents — could be silently transmitted to attacker-controlled servers without user knowledge or consent. The same channel was also found capable of enabling remote shell access within the Linux execution environment.

Axios npm Library Compromised in Supply Chain Attack

Axios npm Library Compromised in Supply Chain Attack

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A North Korean threat group (UNC1069) compromised the popular npm Axios library via a supply chain attack, injecting a backdoor (WAVESHAPER.V2) into two poisoned versions that were inadvertently downloaded by OpenAI's macOS app-signing GitHub Actions workflow. Although OpenAI found no evidence of certificate exfiltration or user data compromise, the incident exposed the signing credentials for ChatGPT Desktop, Codex, Codex CLI, and Atlas, prompting certificate revocation and mandatory app updates by May 8, 2026. The attack highlights the acute risk of software supply chain compromises against AI product delivery pipelines.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.