Hackers Exploit OpenAI Organization Invites to Harvest Sensitive AI Data

July 7, 2026 | CXO Junction

Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction

Cybercriminals are exploiting OpenAI’s organization invitation feature to launch a new “poisoned tenant” attack that enables the collection of sensitive prompts, API activity, and potentially valuable corporate data. The campaign highlights how trusted AI collaboration features are becoming a growing attack surface as enterprises increasingly adopt AI platforms.

AI platforms targeted through fake OpenAI organization invitations to harvest sensitive enterprise data and API activity.

According to research from Push Security, attackers created a fake OpenAI organization using the company’s name and sent targeted invitations to employees. Unlike traditional phishing emails, these invitations originated from OpenAI’s legitimate notification system, passed authentication checks, and appeared identical to genuine collaboration requests. The only warning sign was a small notice indicating that the inviter’s domain did not match the recipient’s corporate domain.

Once a user accepted the invitation, the account was linked to the attacker-controlled organization with a single click, requiring no additional authentication, even from a fresh browser session. To make the environment appear legitimate, attackers impersonated company executives, granted invited users Owner-level administrative privileges, and added a payment method to the organization.

Rather than stealing credentials immediately, the attackers aimed to harvest valuable business data over time. Prompts, uploaded documents, source code, API activity, security research, and customer information shared within the fraudulent organization could become accessible to the attackers. Researchers also warned that threat actors could distribute malicious prompts, abuse OAuth permissions and third-party integrations, and move laterally across connected enterprise services.

The campaign reflects a broader trend of threat actors abusing trusted SaaS and AI platforms as attack channels. Similar activity has been reported by Kaspersky and Cisco Talos across OpenAI, GitHub, and Jira, while the recently disclosed LLMShare attack demonstrated how ChatGPT could be used to distribute malicious content. Because these notifications originate from legitimate services, they can bypass traditional security controls that rely on detecting spoofed domains or malicious links.

The incident underscores the need for stronger governance around enterprise AI adoption. Organizations can reduce risk by improving visibility into SaaS usage, monitoring external organization memberships, enforcing domain verification, restricting unauthorized organization joins, and educating employees about collaboration-based threats. As it becomes integral to business operations, stronger security controls will be essential to protect sensitive enterprise data and support secure AI adoption.

CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.

Source: Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity | Cyber Security News | Hackers Use OpenAI Org Invites to Harvest Sensitive Prompts and API Activity

Latest News