{"id":282650,"date":"2026-06-26T13:49:00","date_gmt":"2026-06-26T17:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/26\/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites\/"},"modified":"2026-06-26T14:00:41","modified_gmt":"2026-06-26T18:00:41","slug":"cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/26\/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites\/","title":{"rendered":"Cybersecurity firms targeted by fraudulent OpenAI organization invites"},"content":{"rendered":"

Cybersecurity firms targeted by fraudulent OpenAI organization invites<\/a><\/p>\n

https:\/\/www.bleepingcomputer.com\/news\/security\/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites\/<\/a><\/p>\n

Publish Date: 2026-06-26 13:49:00<\/a><\/p>\n

Source Domain: www.bleepingcomputer.com<\/a><\/p>\n

\n

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects.<\/p>\n

Push Security discovered what they dub as the “Poisoned Tenant” campaign after multiple employees received invitations to join an OpenAI organization named “Push Security Inc.”\u00a0\u00a0While the invite was legitimate, coming directly from OpenAI, the ChatGPT tenant had been created by an attacker using Gmail addresses rather than by the company.<\/p>\n

The invitation emails were sent from OpenAI’s legitimate notification address, noreply@tm.openai.com, passed email authentication checks, and were identical to a normal invitation to join an organization’s ChatGPT workspace.<\/p>\n

\"image\"<\/p>\n

\"FakeFake Push Security OpenAI tenant invite sent to employees<\/strong>
Source: Push Security<\/p>\n

Push Security told BleepingComputer that other customers have also received similar invitations and that all are in the cybersecurity or technology space.<\/p>\n

Attacker-controlled OpenAI organizations<\/h2>\n

According to Push Security, the invitations targeted specific employees using their work email addresses, suggesting the attackers had researched the employees who work at the company before launching the campaign.<\/p>\n

Although OpenAI includes a warning stating that the inviter’s email domain does not match the recipient’s company domain, the notice appears as a single line within the\u00a0legitimate invitation email.<\/p>\n

To better understand the attack’s goal, Luke Jennings, VP, Research & Development at Push Security, accepted one of the invitations.<\/p>\n

After accepting, the researcher was immediately added to the fraudulent organization, which impersonated Push Security and contained a single\u00a0attacker-controlled account with a Gmail address that posted as the company’s CEO, Adam Bateman.<\/p>\n

The invited employees had all been assigned Owner privileges within the organization, giving them…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity firms targeted by fraudulent OpenAI organization invites https:\/\/www.bleepingcomputer.com\/news\/security\/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites\/ Publish Date: 2026-06-26 13:49:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":282652,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2023\/04\/11\/OpenAI_headpic.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57],"class_list":["post-282650","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/282650"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=282650"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/282650\/revisions"}],"predecessor-version":[{"id":282654,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/282650\/revisions\/282654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/282652"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=282650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=282650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=282650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}