Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

ChatGPhish vulnerability turns ChatGPT web summaries into a phishing surface

(Berke Citak / Unsplash)

By Ravie Lakshmanan

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.

The technique has been codenamed ChatGPhish by Permiso Security.

“The chatgpt.com response renderer trusts Markdown links and Markdown image URLs that originated from a third-party page the assistant has just summarized. It auto-fetches those images and surfaces those links as live, clickable elements inside the trusted assistant UI,” security researcher Andi Ahmeti said in a report shared with The Hacker News.

Read more at The Hacker News

Click to listen highlighted text!