
Cybersecurity Researchers Disclose ChatGPhish Vulnerability in OpenAI ChatGPT
Cybersecurity researchers at Permiso Security disclosed a vulnerability in OpenAI ChatGPT, codenamed ChatGPhish, which exploits the AI assistant’s implicit trust in Markdown links and images to enable prompt injection attacks and facilitate phishing. The flaw arises from the chatgpt.com response renderer treating Markdown content as trusted, allowing malicious actors to manipulate responses. No specific CVE ID, affected version range, or patch release date was mentioned. The vulnerability transforms ChatGPT’s web summaries into a potential phishing surface, though the exact impact scope remains unspecified. The discovery highlights risks in AI-driven content rendering without proper input sanitization.
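
One way to stop a response renderer from treating Markdown links and images in model output as trusted, shown as an added example (not code from Permiso Security or OpenAI): a destination policy that the renderer calls for every link and image before emitting it. The per-link/per-image hook, the function names and the allowlisted host are assumptions.

```javascript
// Added example: URL policy to call from a Markdown renderer's link/image hook
// for untrusted model output. All names and hosts here are hypothetical.
const IMAGE_HOST_ALLOWLIST = new Set(["cdn.example.com"]); // assumption: app-owned CDN

// Return a URL object for absolute http(s) destinations without credentials, else null.
function parseSafeUrl(dest) {
  let u;
  try { u = new URL(String(dest).trim()); } catch { return null; }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  if (u.username || u.password) return null; // user@host forms hide the real host
  return u;
}

// Images load on render with no click, so only allowlisted HTTPS hosts pass.
function imagePolicy(dest) {
  const u = parseSafeUrl(dest);
  if (u && u.protocol === "https:" && IMAGE_HOST_ALLOWLIST.has(u.hostname)) {
    return { action: "render", href: u.href };
  }
  return { action: "drop" };
}

// If the visible label itself looks like a host name, extract it.
function hostInLabel(label) {
  const m = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i.exec(label);
  return m ? m[1].toLowerCase() : null;
}

// Links: always expose the true destination host, and flag labels that name
// a different host than the one the link actually points to.
function linkPolicy(label, dest) {
  const u = parseSafeUrl(dest);
  if (!u) return { action: "text-only" }; // render the label as plain text
  const host = u.hostname; // URL() lowercases and punycode-encodes the host
  const shown = hostInLabel(label);
  const mismatch = shown !== null && shown !== host && !host.endsWith("." + shown);
  const punycode = host.split(".").some((p) => p.startsWith("xn--"));
  return {
    action: mismatch || punycode ? "warn" : "show-host",
    href: u.href,
    displayHost: host,
  };
}
```

The renderer would map `warn` to an interstitial or visible warning, `show-host` to a link with `displayHost` printed beside the label, and `drop`/`text-only` to no fetch and no clickable element.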