Live Cybersecurity News Ticker | Codekeeper

Hackers Are Using Fake OpenAI Organizations to Silently Steal Your Work Data

Written by Content Team | Jul 8, 2026 12:22:47 PM

Security researchers at Push Security have uncovered a new attack where hackers create fake OpenAI organizations — impersonating real companies — and send employees legitimate-looking invitations straight from OpenAI's own notification system. One click joins the victim to an attacker-controlled tenant with zero additional verification.

Once inside, anything the employee does — prompts, uploaded files, API calls — is visible to the attacker. The fake org even had a credit card attached to avoid suspicion. No spoofed domains, no malicious links. Just a trusted platform being weaponized against its own users.

Source: Cybersecurity News