Cybersecurity firms targeted by fraudulent OpenAI organization invites

Cybersecurity firms targeted by sophisticated phishing campaign using OpenAI organization invites

Threat actors have launched a cunning phishing campaign targeting cybersecurity companies, leveraging legitimate-looking invitations from OpenAI to trick employees into submitting sensitive company information. The “Poisoned Tenant” campaign, discovered by Push Security, involves creating fake ChatGPT organizations that impersonate the target company and inviting employees to join them.

The attackers’ modus operandi is to create an OpenAI tenant using a Gmail address instead of the legitimate company email domain. They then send invitations to employees using their work email addresses, which appear identical to normal organization invites from OpenAI. The emails are sent from the legitimate notification address noreply@tm.openai.com and pass email authentication checks, making them difficult to distinguish from genuine notifications.

Push Security reported that multiple cybersecurity companies in the technology space have received similar invitations, suggesting a targeted campaign with sophisticated research on the target employees’ work email addresses. Although OpenAI includes a warning about mismatched domains within the invitation email, it is easily overlooked by unsuspecting employees.

Luke Jennings, VP of Research & Development at Push Security, accepted one of the invitations to better understand the attack’s goal. Upon accepting, he was immediately added as an Owner with administrative privileges, allowing him to view other pending invitations and confirm that none of the targeted employees had joined the fake ChatGPT organization. The researchers found a Visa credit card attached to the organization’s billing account, adding further legitimacy to the phishing campaign.

The attackers’ objective is believed to be convincing employees to use the ChatGPT workspace as if it were a legitimate corporate platform, allowing them to collect sensitive information submitted in chats and projects. Push Security warns that this type of attack is more likely to succeed due to its sophisticated nature, which involves investing time and effort into researching target employees and attaching a payment method to remove potential warning signs.

This campaign reflects a broader trend of attackers abusing legitimate invitation and notification features built into SaaS platforms like OpenAI. Unlike traditional phishing campaigns, these invitations originate from the platform’s own infrastructure, making them more likely to bypass email security controls.

To mitigate this risk, Push Security recommends training employees to verify unexpected organization invitations and monitoring SaaS organization memberships, both of which reduce the likelihood of a successful attack. More generally, organizations should regularly test their defenses against this class of threat and watch for suspicious activity within their environments.
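The mechanism described above (a genuine notification from noreply@tm.openai.com that passes SPF/DKIM, but whose inviting account lives on a free webmail domain rather than the target company's domain) lends itself to an automated check that supports the monitoring recommended here. The following is an added example, not code from Push Security, OpenAI or Bleeping Computer: it parses an invitation email and flags it when the inviter's domain is not one of the defender's own domains. The sender address comes from the article; the body wording, the corporate domain `example-secco.com`, the inviter addresses and the invite link are constructed assumptions, not the platform's real template.

```python
import email
import email.utils
import re
from dataclasses import dataclass, field
from email import policy
from typing import List, Optional

# Notification sender reported in the article. Everything else below
# (domains, inviter addresses, body text, link) is constructed for this
# example and is not OpenAI's real invite template.
SAAS_NOTIFIER = "noreply@tm.openai.com"
CORPORATE_DOMAINS = {"example-secco.com"}   # assumption: the defender's own domains
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}

SUSPICIOUS_INVITE = """\
From: OpenAI <noreply@tm.openai.com>
To: alice@example-secco.com
Subject: You've been invited to join Example SecCo on ChatGPT
Authentication-Results: mx.example-secco.com; spf=pass; dkim=pass

Hi Alice,

secco.admin.2024@gmail.com has invited you to join the organization
"Example SecCo" on ChatGPT.

Accept invitation: https://chatgpt.invalid/invite/abc123
"""

# Same template, but the inviting account is on the corporate domain.
LEGIT_INVITE = SUSPICIOUS_INVITE.replace("secco.admin.2024@gmail.com",
                                         "it-admin@example-secco.com")

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


@dataclass
class InviteVerdict:
    from_saas_notifier: bool      # True: sent by the platform itself (expected here)
    auth_passed: bool             # True: SPF/DKIM pass (expected here, so not a safety signal)
    inviter: Optional[str]        # account that created the organization invite
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_inviter(body: str, notifier: str = SAAS_NOTIFIER) -> Optional[str]:
    """Return the first address in the body that is not the platform's notifier."""
    for addr in EMAIL_RE.findall(body):
        if addr.lower() != notifier:
            return addr.lower()
    return None


def assess_invite(raw: str, corporate_domains=CORPORATE_DOMAINS) -> InviteVerdict:
    """Flag an organization invite whose inviting account is not on a corporate domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = email.utils.parseaddr(str(msg["From"] or ""))[1].lower()
    auth = str(msg["Authentication-Results"] or "").lower()
    auth_passed = "spf=pass" in auth and "dkim=pass" in auth
    body = msg.get_payload()   # non-multipart message: body as text

    inviter = extract_inviter(body)
    verdict = InviteVerdict(from_addr == SAAS_NOTIFIER, auth_passed, inviter)

    if inviter is None:
        verdict.reasons.append("could not identify the inviting account")
        return verdict

    inviter_domain = inviter.rsplit("@", 1)[1]
    if inviter_domain not in corporate_domains:
        verdict.reasons.append(
            f"inviter domain {inviter_domain!r} is not a corporate domain")
    if inviter_domain in FREE_MAIL_DOMAINS:
        verdict.reasons.append("inviter uses a free webmail domain")
    return verdict


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_INVITE), ("legit", LEGIT_INVITE)):
        v = assess_invite(raw)
        print(label, "-> flag" if v.suspicious else "-> ok",
              "| auth passed:", v.auth_passed, "| reasons:", v.reasons)
```

The design point is that sender authentication is deliberately recorded but never used as a reason to trust the message: in this campaign SPF and DKIM pass because the mail really does come from the platform, so the only discriminating signal is the identity of the inviting account. In production the corporate domain set would come from the identity provider, and the same verdict could feed a SaaS membership monitor that alerts when an employee accepts an invite from a tenant owned by a non-corporate account.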

By understanding the tactics used by these sophisticated attackers, cybersecurity professionals can better prepare themselves and their teams to respond effectively to such threats.


Source: Bleeping Computer — 2026-06-26