Cybersecurity firms targeted by fraudulent OpenAI organization invites

Staff Editor 2026-06-26
Cybersecurity firms targeted by fraudulent OpenAI organization invites

Cybersecurity firms targeted by fraudulent OpenAI organization invites

https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/

Publish Date: 2026-06-26 13:49:00

Source Domain: www.bleepingcomputer.com

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects.

Push Security discovered what they dub as the “Poisoned Tenant” campaign after multiple employees received invitations to join an OpenAI organization named “Push Security Inc.”  While the invite was legitimate, coming directly from OpenAI, the ChatGPT tenant had been created by an attacker using Gmail addresses rather than by the company.

The invitation emails were sent from OpenAI’s legitimate notification address, [email protected], passed email authentication checks, and were identical to a normal invitation to join an organization’s ChatGPT workspace.

image

Fake Push Security OpenAI tenant invite sent to employeesFake Push Security OpenAI tenant invite sent to employees
Source: Push Security

Push Security told BleepingComputer that other customers have also received similar invitations and that all are in the cybersecurity or technology space.

Attacker-controlled OpenAI organizations

According to Push Security, the invitations targeted specific employees using their work email addresses, suggesting the attackers had researched the employees who work at the company before launching the campaign.

Although OpenAI includes a warning stating that the inviter’s email domain does not match the recipient’s company domain, the notice appears as a single line within the legitimate invitation email.

To better understand the attack’s goal, Luke Jennings, VP, Research & Development at Push Security, accepted one of the invitations.

After accepting, the researcher was immediately added to the fraudulent organization, which impersonated Push Security and contained a single attacker-controlled account with a Gmail address that posted as the company’s CEO, Adam Bateman.

The invited employees had all been assigned Owner privileges within the organization, giving them…

Source

More Stories

OpenAI Has New AI Models. Here’s Why You Can’t Use Them

OpenAI Has New AI Models. Here’s Why You Can’t Use Them

Staff Editor 2026-06-26
The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials

The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials

Staff Editor 2026-06-26
Malware authors subvert AI detection systems

Malware authors subvert AI detection systems

Staff Editor 2026-06-26

Terms and Conditions - Privacy Policy