A new campaign dubbed "Poisoned Tenant" targets employees of tech and cybersecurity companies by creating fake workspaces in OpenAI that impersonate well-known brands.

What Happened
Attackers create fake organizations within OpenAI using the names of large tech and cybersecurity firms. They send invitations to these workspaces via official OpenAI system addresses (noreply@tm.openai.com). To increase credibility, attackers link real Visa credit cards to their accounts to enable payment for premium service features.
Context
This attack represents an advanced phishing vector that exploits trust in legitimate SaaS platforms and their built-in notification mechanisms. Instead of direct credential theft, the goal is to create "poisoned" work environments where users might accidentally disclose intellectual property, such as software code or corporate strategies.
Why It Matters for the Industry
For the industry, this marks an evolution of supply-chain attacks delivered through trusted cloud tools. The campaign highlights the need to revise security policies on the use of AI services and drives demand for new organizational verification UX patterns and tools that verify the integrity of AI ecosystems.
Why It Matters for Users
Users and employees of companies actively using LLMs must exercise extreme caution when receiving invitations to any SaaS services. Even if an email arrives from a platform's system address, it is necessary to verify whether the inviting organization's domain matches your company's official corporate domain.
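As an added illustration of the check described above (example code, not from the original article or from OpenAI), a Python helper that parses an invitation mail, confirms the sender is the platform's system domain, and compares the inviting account's domain against the company's own domains. The body wording, domains and workspace names are constructed assumptions, not the platform's real template:

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domain of the platform's invitation mails, as reported on this page.
PLATFORM_SENDER_DOMAIN = "tm.openai.com"

# Assumed body format (constructed for this example, not the platform's real template).
INVITER_RE = re.compile(
    r'([\w.+-]+@[\w.-]+) has invited you to join the workspace "([^"]+)"')


def plain_text_body(msg) -> str:
    """Return the first text/plain part of the message (walk() also covers single-part mail)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
    return ""


def assess_invitation(raw_email: str, corporate_domains: set, brand: str) -> dict:
    """Flag an invitation whose inviting account sits outside the company's own domains."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    match = INVITER_RE.search(plain_text_body(msg))
    inviter = match.group(1).lower() if match else None
    workspace = match.group(2) if match else None
    inviter_domain = inviter.rpartition("@")[2] if inviter else None
    findings = []
    if sender_domain != PLATFORM_SENDER_DOMAIN:
        findings.append("sender is not the platform's system address")
    if inviter is None:
        findings.append("could not identify the inviting account")
    elif inviter_domain not in corporate_domains:
        findings.append(f"inviter domain '{inviter_domain}' is not a corporate domain")
        # A brand-named workspace owned by an external account is the "poisoned tenant" pattern.
        if workspace and brand.lower() in workspace.lower():
            findings.append("workspace name uses the company brand but the inviter is external")
    return {"sender_domain": sender_domain, "inviter": inviter, "workspace": workspace,
            "findings": findings, "verdict": "SUSPICIOUS" if findings else "CONSISTENT"}


# Constructed sample invitations (not real messages); both come from the genuine system address.
LEGIT = ("From: OpenAI <noreply@tm.openai.com>\nSubject: Workspace invitation\n\n"
         'it-admin@example-corp.com has invited you to join the workspace "Example Corp"\n')
POISONED = ("From: OpenAI <noreply@tm.openai.com>\nSubject: Workspace invitation\n\n"
            'admin@example-corp-it.net has invited you to join the workspace "Example Corp Security"\n')

if __name__ == "__main__":
    for raw in (LEGIT, POISONED):
        print(assess_invitation(raw, {"example-corp.com"}, "Example Corp"))
```

Note that the sender check passes for both samples; only the inviter-domain comparison separates the genuine invitation from the impersonating one.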
What Is Not Yet Known / Limitations
Discussions are shifting from the general threat of phishing toward issues of access management and the necessity of implementing new verification mechanisms for organization owners.
Sources
Author
Look at AI, Editorial Team
