🛡 Phishing via Fake OpenAI Organizations
Attackers have launched the "Poisoned Tenant" campaign, creating fake workspaces while impersonating well-known cybersecurity companies. Invitations arrive from a legitimate OpenAI address (noreply@tm.openai.com), which helps bypass email filters.
🌍 The campaign demonstrates the exploitation of trust in SaaS platforms. This creates a risk of intellectual property leakage (code and strategies) through "poisoned" workspaces.
👤 Be cautious with OpenAI invitations. Always verify whether the inviter's domain matches your company's official corporate domain.