Attackers create OpenAI tenants impersonating legitimate companies and send targeted invitations to employees using their work emails. These invitations originate from OpenAI's legitimate notification infrastructure, passing email authentication checks, and assign administrative privileges to the invited employees. The fake organizations contain attacker-controlled accounts posing as company executives and have payment methods attached to enable premium features, increasing the likelihood of employee engagement. The goal appears to be harvesting sensitive information submitted by employees within the ChatGPT workspace. This campaign exemplifies abuse of SaaS platform invitation features to bypass traditional phishing defenses.

Employees who accept invitations to these fraudulent OpenAI organizations may inadvertently disclose sensitive company information, including source code, internal documents, customer data, security research, and strategic plans, within the ChatGPT environment controlled by attackers. The administrative privileges granted to invited employees could allow further manipulation or reconnaissance within the fake tenant. The use of legitimate OpenAI infrastructure for invitations reduces the likelihood of detection by email security systems.

No official patch or fix is applicable as this is an abuse of legitimate SaaS platform features rather than a software vulnerability. Organizations should train employees to verify unexpected invitations to join SaaS organizations, especially those that do not match their company domain. Monitoring SaaS organization memberships for unauthorized or suspicious tenants is recommended. Vigilance regarding invitations originating from legitimate platform infrastructure is critical to prevent data leakage.