ChatGPhish: Summarization as a New Phishing Attack Surface

Colleagues, note a cyber‑security issue: the ChatGPhish vulnerability converts ChatGPT summaries into a phishing vector.
- Permiso Security found that ChatGPT’s renderer trusts Markdown links and images from the summarized page: images auto-load and links become clickable.
- Exploits can exfiltrate the IP address, User-Agent and Referer, display fake system notices and QR codes, and bypass filters.
- Any malicious page an employee asks to summarize can theoretically turn the chat into a phishing interface.
Why it matters: the risk of compromise increases because attacks can enter via normal browser workflows.
How will you restrict processing of external content in chats?
#cybersecurity #phishing #AI #ChatGPT
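
One way to restrict external content before a summary is rendered, as an added example (not code from Permiso Security or OpenAI): a filter for model output that removes Markdown images, flattens links to non-allowlisted hosts, and defangs bare URLs. The allowlist, function names and sample text are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts whose links may stay clickable in rendered summaries.
ALLOWED_HOSTS = {"intranet.example.com"}

IMAGE_RE = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)>?[^)]*\)')
LINK_RE = re.compile(r'(?<!!)\[([^\]]+)\]\(\s*<?([^\s)>]+)>?[^)]*\)')
URL_RE = re.compile(r'https?://[^\s<>()\[\]"\']+', re.I)

def host_allowed(url):
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and (parts.hostname or "") in ALLOWED_HOSTS

def defang(url):
    # hxxp and [.] stop renderers from auto-linking the address.
    return re.sub(r'^http', 'hxxp', url, flags=re.I).replace(".", "[.]")

def neutralize(markdown):
    """Return (text safe to render, list of (kind, url) findings to log)."""
    findings = []

    def drop_image(m):
        # Images auto-load, so they are removed even for allowed hosts.
        findings.append(("image", m.group(1)))
        return "(image removed)"

    def flatten_link(m):
        text, url = m.group(1), m.group(2)
        if host_allowed(url):
            return m.group(0)
        findings.append(("link", url))
        return f"{text} (link removed: {defang(url)})"

    def defang_bare(m):
        # Also covers autolinks and reference-style definitions.
        url = m.group(0)
        if host_allowed(url):
            return url
        findings.append(("url", url))
        return defang(url)

    out = LINK_RE.sub(flatten_link, IMAGE_RE.sub(drop_image, markdown))
    return URL_RE.sub(defang_bare, out), findings

# Constructed sample of a summary produced from an untrusted page.
SAMPLE = ("Results were strong.\n![s](https://tracker.example.net/p.png?u=123)\n"
          "[Re-authenticate here](https://login.example.org/sso) to continue.\n"
          "See [the wiki](https://intranet.example.com/wiki) or https://cdn.example.net/qr\n")
```

The findings list can be sent to logging so that summaries carrying external images or links show up in detection, even though the rendered text no longer loads or links to them.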

