Tag: openai
-
Top 5 real-world AI security threats revealed in 2025
Tags: access, ai, api, attack, breach, chatgpt, cloud, control, credentials, cybercrime, data, data-breach, defense, email, exploit, flaw, framework, github, gitlab, google, injection, least-privilege, LLM, malicious, malware, microsoft, nvidia, open-source, openai, rce, remote-code-execution, risk, service, software, supply-chain, theft, threat, tool, vulnerability
A critical remote code execution (RCE) in open-source AI agent framework Langflow that was also exploited in the wild
An RCE flaw in OpenAI’s Codex CLI
Vulnerabilities in NVIDIA Triton Inference Server
RCE vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLang
Vulnerabilities in open-source compute framework…
-
OpenAI’s ChatGPT ads will allegedly prioritize sponsored content in answers
OpenAI is reportedly mulling a new form of ads on ChatGPT called “sponsored content,” which could influence your buying decisions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ads-will-allegedly-prioritize-sponsored-content-in-answers/
-
OpenAI warns: Why AI browsers like Atlas could always remain vulnerable to attacks
First seen on t3n.de Jump to article: t3n.de/news/openai-ki-browser-prompt-injection-1723027/
-
OpenAI is reportedly testing Claude-like Skills for ChatGPT
OpenAI is testing a new ChatGPT feature called “Skills,” which will be similar to Claude’s feature, also called Skills. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-is-reportedly-testing-claude-like-skills-for-chatgpt/
-
SoftBank scrambling to come up with $22.5B in OpenAI funding before New Year
Tags: openai
Masayoshi Son better hope he made Santa’s nice list. First seen on theregister.com Jump to article: www.theregister.com/2025/12/22/softbank_funding_openai/
-
OpenAI Will Forever Fight Prompt Injection Attacks
AI Firm Discovers New Prompt Injection Attack Class. OpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/openai-will-forever-fight-prompt-injection-attacks-a-30380
-
OpenAI on AI browsers: the prompt injection problem is probably never solvable
Prompt injections are considered an extremely dangerous attack vector, especially in the new AI browsers. OpenAI sees no complete solution for this. First seen on golem.de Jump to article: www.golem.de/news/openai-ueber-ki-browser-prompt-injection-problem-wahrscheinlich-nie-loesbar-2512-203551.html
-
OpenAI says AI browsers may always be vulnerable to prompt injection attacks
OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is beefing up its cybersecurity with an ‘LLM-based automated attacker.’ First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/22/openai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks/
-
DataDome recognized in The Bot And Agent Trust Management Software Landscape, Q4 2025 from Forrester
Forrester has just released The Bot And Agent Trust Management Software Landscape, Q4 2025 report. It marks a fundamental shift to reflect the rapid rise of agentic AI traffic, moving beyond traditional bot management to a new paradigm that establishes…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability
Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
OpenAI Launches GPT-5.2-Codex for Secure Coding
OpenAI has launched GPT-5.2-Codex, an agentic coding model that boosts real-world software engineering and AI-powered vulnerability research. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openai-launches-gpt-5-2-codex-for-secure-coding/
-
OpenAI’s GPT-5.2 Codex Boosts Agentic Coding and Cyber Vulnerability Detection
OpenAI has officially released GPT-5.2-Codex, marking a significant leap forward in AI-driven software engineering and defensive cybersecurity. Described as the most advanced >>agentic
-
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk, even without direct system compromise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/what-the-latest-openai-security-breach-reveals-about-the-state-of-ai-protection/
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension in question is Urban VPN Proxy, which has a 4.7 rating…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerability
Your employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
OpenAI Enhances Defensive Models to Mitigate Cyber-Threats
OpenAI has reported a surge in performance, with GPT-5.1-Codex-Max reaching 76% in capability assessments, and warned of upcoming cyber-risks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-enhances-defensive-models/
-
OpenAI Flags Rising Cyber Risks as AI Capabilities Advance
OpenAI has issued a cautionary statement that its forthcoming AI models could present “high” cybersecurity risks as their capabilities rapidly advance. The warning, published on Wednesday, noted the potential for these AI models to either develop zero-day exploits against well-defended systems or assist in enterprise or industrial intrusion operations with tangible real-world consequences. First seen on thecyberexpress.com Jump to…
-
2025 Year of Browser Bugs Recap:
Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-day
At the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose: to drive awareness and discussion around key security gaps and…
-
AI browsers endanger companies
Experts warn against the use of AI browsers in companies. The Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts urgently recommend that companies block all AI browsers for the foreseeable future because of the cybersecurity risks. They based their recommendation on risks already identified ‘and other potential risks that have yet to be discovered, since this is a very young technology…
-
Gemini for Chrome gets a second AI agent to watch over it
Google’s two-model defense: To address these risks, Google’s solution splits the work between two AI models. The main Gemini model reads web content and decides what actions to take. The user alignment critic sees only metadata about proposed actions, not the web content that might contain malicious instructions. “This component is architected to see only metadata…